summaryrefslogtreecommitdiffstats
path: root/debian/config-dir
diff options
context:
space:
mode:
Diffstat (limited to 'debian/config-dir')
-rw-r--r--debian/config-dir/apache2.conf.in225
-rw-r--r--debian/config-dir/conf-available/charset.conf6
-rw-r--r--debian/config-dir/conf-available/localized-error-pages.conf79
-rw-r--r--debian/config-dir/conf-available/other-vhosts-access-log.conf2
-rw-r--r--debian/config-dir/conf-available/security.conf58
-rw-r--r--debian/config-dir/conf-available/serve-cgi-bin.conf18
-rw-r--r--debian/config-dir/envvars47
-rw-r--r--debian/config-dir/magic935
-rw-r--r--debian/config-dir/mods-available/access_compat.load2
-rw-r--r--debian/config-dir/mods-available/actions.conf9
-rw-r--r--debian/config-dir/mods-available/actions.load1
-rw-r--r--debian/config-dir/mods-available/alias.conf19
-rw-r--r--debian/config-dir/mods-available/alias.load1
-rw-r--r--debian/config-dir/mods-available/allowmethods.load1
-rw-r--r--debian/config-dir/mods-available/asis.load2
-rw-r--r--debian/config-dir/mods-available/auth_basic.load2
-rw-r--r--debian/config-dir/mods-available/auth_digest.load2
-rw-r--r--debian/config-dir/mods-available/auth_form.load2
-rw-r--r--debian/config-dir/mods-available/authn_anon.load1
-rw-r--r--debian/config-dir/mods-available/authn_core.load1
-rw-r--r--debian/config-dir/mods-available/authn_dbd.load2
-rw-r--r--debian/config-dir/mods-available/authn_dbm.load1
-rw-r--r--debian/config-dir/mods-available/authn_file.load1
-rw-r--r--debian/config-dir/mods-available/authn_socache.load1
-rw-r--r--debian/config-dir/mods-available/authnz_fcgi.load1
-rw-r--r--debian/config-dir/mods-available/authnz_ldap.load2
-rw-r--r--debian/config-dir/mods-available/authz_core.load1
-rw-r--r--debian/config-dir/mods-available/authz_dbd.load2
-rw-r--r--debian/config-dir/mods-available/authz_dbm.load2
-rw-r--r--debian/config-dir/mods-available/authz_groupfile.load2
-rw-r--r--debian/config-dir/mods-available/authz_host.load2
-rw-r--r--debian/config-dir/mods-available/authz_owner.load1
-rw-r--r--debian/config-dir/mods-available/authz_user.load2
-rw-r--r--debian/config-dir/mods-available/autoindex.conf91
-rw-r--r--debian/config-dir/mods-available/autoindex.load1
-rw-r--r--debian/config-dir/mods-available/brotli.load1
-rw-r--r--debian/config-dir/mods-available/buffer.load1
-rw-r--r--debian/config-dir/mods-available/cache.load1
-rw-r--r--debian/config-dir/mods-available/cache_disk.conf21
-rw-r--r--debian/config-dir/mods-available/cache_disk.load2
-rw-r--r--debian/config-dir/mods-available/cache_socache.load2
-rw-r--r--debian/config-dir/mods-available/cern_meta.load1
-rw-r--r--debian/config-dir/mods-available/cgi.load1
-rw-r--r--debian/config-dir/mods-available/cgid.conf2
-rw-r--r--debian/config-dir/mods-available/cgid.load1
-rw-r--r--debian/config-dir/mods-available/charset_lite.load1
-rw-r--r--debian/config-dir/mods-available/data.load1
-rw-r--r--debian/config-dir/mods-available/dav.load3
-rw-r--r--debian/config-dir/mods-available/dav_fs.conf1
-rw-r--r--debian/config-dir/mods-available/dav_fs.load2
-rw-r--r--debian/config-dir/mods-available/dav_lock.load1
-rw-r--r--debian/config-dir/mods-available/dbd.load1
-rw-r--r--debian/config-dir/mods-available/deflate.conf7
-rw-r--r--debian/config-dir/mods-available/deflate.load2
-rw-r--r--debian/config-dir/mods-available/dialup.load1
-rw-r--r--debian/config-dir/mods-available/dir.conf1
-rw-r--r--debian/config-dir/mods-available/dir.load1
-rw-r--r--debian/config-dir/mods-available/dump_io.load1
-rw-r--r--debian/config-dir/mods-available/echo.load1
-rw-r--r--debian/config-dir/mods-available/env.load1
-rw-r--r--debian/config-dir/mods-available/expires.load1
-rw-r--r--debian/config-dir/mods-available/ext_filter.load1
-rw-r--r--debian/config-dir/mods-available/file_cache.load2
-rw-r--r--debian/config-dir/mods-available/filter.load1
-rw-r--r--debian/config-dir/mods-available/headers.load1
-rw-r--r--debian/config-dir/mods-available/heartbeat.load3
-rw-r--r--debian/config-dir/mods-available/heartmonitor.load3
-rw-r--r--debian/config-dir/mods-available/http2.conf30
-rw-r--r--debian/config-dir/mods-available/http2.load1
-rw-r--r--debian/config-dir/mods-available/ident.load1
-rw-r--r--debian/config-dir/mods-available/imagemap.load1
-rw-r--r--debian/config-dir/mods-available/include.load2
-rw-r--r--debian/config-dir/mods-available/info.conf9
-rw-r--r--debian/config-dir/mods-available/info.load1
-rw-r--r--debian/config-dir/mods-available/lbmethod_bybusyness.load2
-rw-r--r--debian/config-dir/mods-available/lbmethod_byrequests.load2
-rw-r--r--debian/config-dir/mods-available/lbmethod_bytraffic.load2
-rw-r--r--debian/config-dir/mods-available/lbmethod_heartbeat.load2
-rw-r--r--debian/config-dir/mods-available/ldap.conf4
-rw-r--r--debian/config-dir/mods-available/ldap.load1
-rw-r--r--debian/config-dir/mods-available/log_debug.load1
-rw-r--r--debian/config-dir/mods-available/log_forensic.load1
-rw-r--r--debian/config-dir/mods-available/lua.load1
-rw-r--r--debian/config-dir/mods-available/macro.load1
-rw-r--r--debian/config-dir/mods-available/md.load1
-rw-r--r--debian/config-dir/mods-available/mime.conf246
-rw-r--r--debian/config-dir/mods-available/mime.load1
-rw-r--r--debian/config-dir/mods-available/mime_magic.conf1
-rw-r--r--debian/config-dir/mods-available/mime_magic.load1
-rw-r--r--debian/config-dir/mods-available/mpm_event.conf14
-rw-r--r--debian/config-dir/mods-available/mpm_event.load2
-rw-r--r--debian/config-dir/mods-available/mpm_prefork.conf12
-rw-r--r--debian/config-dir/mods-available/mpm_prefork.load2
-rw-r--r--debian/config-dir/mods-available/mpm_worker.conf18
-rw-r--r--debian/config-dir/mods-available/mpm_worker.load2
-rw-r--r--debian/config-dir/mods-available/negotiation.conf14
-rw-r--r--debian/config-dir/mods-available/negotiation.load1
-rw-r--r--debian/config-dir/mods-available/proxy.conf21
-rw-r--r--debian/config-dir/mods-available/proxy.load1
-rw-r--r--debian/config-dir/mods-available/proxy_ajp.load2
-rw-r--r--debian/config-dir/mods-available/proxy_balancer.conf9
-rw-r--r--debian/config-dir/mods-available/proxy_balancer.load2
-rw-r--r--debian/config-dir/mods-available/proxy_connect.load2
-rw-r--r--debian/config-dir/mods-available/proxy_express.load2
-rw-r--r--debian/config-dir/mods-available/proxy_fcgi.load2
-rw-r--r--debian/config-dir/mods-available/proxy_fdpass.load2
-rw-r--r--debian/config-dir/mods-available/proxy_ftp.conf2
-rw-r--r--debian/config-dir/mods-available/proxy_ftp.load2
-rw-r--r--debian/config-dir/mods-available/proxy_hcheck.load2
-rw-r--r--debian/config-dir/mods-available/proxy_html.conf76
-rw-r--r--debian/config-dir/mods-available/proxy_html.load2
-rw-r--r--debian/config-dir/mods-available/proxy_http.load2
-rw-r--r--debian/config-dir/mods-available/proxy_http2.load2
-rw-r--r--debian/config-dir/mods-available/proxy_scgi.load2
-rw-r--r--debian/config-dir/mods-available/proxy_uwsgi.load2
-rw-r--r--debian/config-dir/mods-available/proxy_wstunnel.load2
-rw-r--r--debian/config-dir/mods-available/ratelimit.load2
-rw-r--r--debian/config-dir/mods-available/reflector.load1
-rw-r--r--debian/config-dir/mods-available/remoteip.load1
-rw-r--r--debian/config-dir/mods-available/reqtimeout.conf21
-rw-r--r--debian/config-dir/mods-available/reqtimeout.load1
-rw-r--r--debian/config-dir/mods-available/request.load1
-rw-r--r--debian/config-dir/mods-available/rewrite.load1
-rw-r--r--debian/config-dir/mods-available/sed.load1
-rw-r--r--debian/config-dir/mods-available/session.load1
-rw-r--r--debian/config-dir/mods-available/session_cookie.load2
-rw-r--r--debian/config-dir/mods-available/session_crypto.load2
-rw-r--r--debian/config-dir/mods-available/session_dbd.load2
-rw-r--r--debian/config-dir/mods-available/setenvif.conf26
-rw-r--r--debian/config-dir/mods-available/setenvif.load1
-rw-r--r--debian/config-dir/mods-available/slotmem_plain.load1
-rw-r--r--debian/config-dir/mods-available/slotmem_shm.load1
-rw-r--r--debian/config-dir/mods-available/socache_dbm.load1
-rw-r--r--debian/config-dir/mods-available/socache_memcache.load1
-rw-r--r--debian/config-dir/mods-available/socache_redis.load1
-rw-r--r--debian/config-dir/mods-available/socache_shmcb.load1
-rw-r--r--debian/config-dir/mods-available/speling.load1
-rw-r--r--debian/config-dir/mods-available/ssl.conf83
-rw-r--r--debian/config-dir/mods-available/ssl.load2
-rw-r--r--debian/config-dir/mods-available/status.conf23
-rw-r--r--debian/config-dir/mods-available/status.load1
-rw-r--r--debian/config-dir/mods-available/substitute.load1
-rw-r--r--debian/config-dir/mods-available/suexec.load1
-rw-r--r--debian/config-dir/mods-available/unique_id.load1
-rw-r--r--debian/config-dir/mods-available/userdir.conf8
-rw-r--r--debian/config-dir/mods-available/userdir.load1
-rw-r--r--debian/config-dir/mods-available/usertrack.load1
-rw-r--r--debian/config-dir/mods-available/vhost_alias.load1
-rw-r--r--debian/config-dir/mods-available/xml2enc.load1
-rw-r--r--debian/config-dir/ports.conf13
-rw-r--r--debian/config-dir/sites-available/000-default.conf29
-rw-r--r--debian/config-dir/sites-available/default-ssl.conf130
152 files changed, 2475 insertions, 0 deletions
diff --git a/debian/config-dir/apache2.conf.in b/debian/config-dir/apache2.conf.in
new file mode 100644
index 0000000..bc665d4
--- /dev/null
+++ b/debian/config-dir/apache2.conf.in
@@ -0,0 +1,225 @@
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+# /etc/apache2/
+# |-- apache2.conf
+# | `-- ports.conf
+# |-- mods-enabled
+# | |-- *.load
+# | `-- *.conf
+# |-- conf-enabled
+# | `-- *.conf
+# `-- sites-enabled
+# `-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+# together by including all remaining configuration files when starting up the
+# web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections which can be
+# customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+# directories contain particular configuration snippets which manage modules,
+# global configuration fragments, or virtual host configurations,
+# respectively.
+#
+# They are activated by symlinking available configuration files from their
+# respective *-available/ counterparts. These should be managed by using our
+# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+# their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
+# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+# work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+___MUTEX___Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+<Directory /var/www/>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#<Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
diff --git a/debian/config-dir/conf-available/charset.conf b/debian/config-dir/conf-available/charset.conf
new file mode 100644
index 0000000..40d7198
--- /dev/null
+++ b/debian/config-dir/conf-available/charset.conf
@@ -0,0 +1,6 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
diff --git a/debian/config-dir/conf-available/localized-error-pages.conf b/debian/config-dir/conf-available/localized-error-pages.conf
new file mode 100644
index 0000000..a3a198a
--- /dev/null
+++ b/debian/config-dir/conf-available/localized-error-pages.conf
@@ -0,0 +1,79 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+# SetHandler directive in a <Location /> context somewhere. Adding
+# the following three lines AFTER the <Location /> context should
+# make it work in most cases:
+# <Location /error/>
+# SetHandler none
+# </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+# <IfModule mod_include.c>
+# <IfModule mod_alias.c>
+#
+# Alias /error/ "/usr/share/apache2/error/"
+#
+# <Directory "/usr/share/apache2/error">
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it nl sv pt-br ro
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+# </IfModule>
+# </IfModule>
+#</IfModule>
diff --git a/debian/config-dir/conf-available/other-vhosts-access-log.conf b/debian/config-dir/conf-available/other-vhosts-access-log.conf
new file mode 100644
index 0000000..9f7aecd
--- /dev/null
+++ b/debian/config-dir/conf-available/other-vhosts-access-log.conf
@@ -0,0 +1,2 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf
new file mode 100644
index 0000000..cad7dc1
--- /dev/null
+++ b/debian/config-dir/conf-available/security.conf
@@ -0,0 +1,58 @@
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories.
+#
+# Examples:
+#
+#RedirectMatch 404 /\.git
+#RedirectMatch 404 /\.svn
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set Content-Security-Policy "frame-ancestors 'self';"
diff --git a/debian/config-dir/conf-available/serve-cgi-bin.conf b/debian/config-dir/conf-available/serve-cgi-bin.conf
new file mode 100644
index 0000000..ae660b1
--- /dev/null
+++ b/debian/config-dir/conf-available/serve-cgi-bin.conf
@@ -0,0 +1,18 @@
+<IfModule mod_alias.c>
+ <IfModule mod_cgi.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfModule mod_cgid.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfDefine ENABLE_USR_LIB_CGI_BIN>
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+ <Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ </IfDefine>
+</IfModule>
diff --git a/debian/config-dir/envvars b/debian/config-dir/envvars
new file mode 100644
index 0000000..708d170
--- /dev/null
+++ b/debian/config-dir/envvars
@@ -0,0 +1,47 @@
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+ SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
diff --git a/debian/config-dir/magic b/debian/config-dir/magic
new file mode 100644
index 0000000..cdf9ac5
--- /dev/null
+++ b/debian/config-dir/magic
@@ -0,0 +1,935 @@
+# Magic data for mod_mime_magic (originally for file(1) command)
+#
+# The format is 4-5 columns:
+# Column #1: byte number to begin checking from, ">" indicates continuation
+# Column #2: type of data to match
+# Column #3: contents of data to match
+# Column #4: MIME type of result
+# Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff: file(1) magic for locally observed files
+# Add any locally observed files here.
+
+# Real Audio (Magic .ra\0375)
+0 belong 0x2e7261fd audio/x-pn-realaudio
+0 string .RMF application/vnd.rn-realmedia
+
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+# sigh, there are many mimes for that but the above are the most common.
+
+# Taken from magic, converted to magic.mime
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+# audio/it .it
+# audio/x-zipped-it .itz
+# audio/xm fasttracker modules
+# audio/x-s3m screamtracker modules
+# audio/s3m screamtracker modules
+# audio/x-zipped-mod mdz
+# audio/mod mod
+# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0 string MAS_UTrack_V00
+>14 string >/0 audio/x-mod
+#audio/x-tracker-module
+
+#0 string UN05 MikMod UNI format module sound data
+
+0 string Extended\ Module: audio/x-mod
+#audio/x-tracker-module
+##>17 string >\0 Title: "%s"
+
+21 string/c \!SCREAM! audio/x-mod
+#audio/x-screamtracker-module
+21 string BMOD2STM audio/x-mod
+#audio/x-screamtracker-module
+1080 string M.K. audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string M!K! audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT4 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT8 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string 4CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 6CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 8CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string CD81 audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+1080 string OKTA audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+# Not good enough.
+#1082 string CH
+#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
+1080 string 16CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+1080 string 32CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+
+# Impuse tracker module (it)
+0 string IMPM audio/x-mod
+#>4 string >\0 "%s"
+#>40 leshort !0 compatible w/ITv%x
+#>42 leshort !0 created w/ITv%x
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+# xml based formats!
+
+# svg
+
+0 string \<?xml
+# text/xml
+>38 string \<\!DOCTYPE\040svg image/svg+xml
+
+
+# xml
+0 string \<?xml text/xml
+
+
+#------------------------------------------------------------------------------
+# Java
+
+0 short 0xcafe
+>2 short 0xbabe application/java
+
+#------------------------------------------------------------------------------
+# audio: file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+
+>12 belong 23 audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0 lelong 0x0064732E
+>12 lelong 1 audio/x-dec-basic
+>12 lelong 2 audio/x-dec-basic
+>12 lelong 3 audio/x-dec-basic
+>12 lelong 4 audio/x-dec-basic
+>12 lelong 5 audio/x-dec-basic
+>12 lelong 6 audio/x-dec-basic
+>12 lelong 7 audio/x-dec-basic
+# compressed (G.721 ADPCM)
+>12 lelong 23 audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+# AIFF audio data
+8 string AIFF audio/x-aiff
+# AIFF-C audio data
+8 string AIFC audio/x-aiff
+# IFF/8SVX audio data
+8 string 8SVX audio/x-aiff
+
+
+
+# Creative Labs AUDIO stuff
+# Standard MIDI data
+0 string MThd audio/unknown
+#>9 byte >0 (format %d)
+#>11 byte >1 using %d channels
+# Creative Music (CMF) data
+0 string CTMF audio/unknown
+# SoundBlaster instrument data
+0 string SBI audio/unknown
+# Creative Labs voice data
+0 string Creative\ Voice\ File audio/unknown
+## is this next line right? it came this way...
+#>19 byte 0x1A
+#>23 byte >0 - version %d
+#>22 byte >0 \b.%d
+
+# [GRR 950115: is this also Creative Labs? Guessing that first line
+# should be string instead of unknown-endian long...]
+#0 long 0x4e54524b MultiTrack sound data
+#0 string NTRK MultiTrack sound data
+#>4 long x - version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+# Microsoft RIFF
+0 string RIFF
+# - WAVE format
+>8 string WAVE audio/x-wav
+>8 string/B AVI video/x-msvideo
+#
+>8 string CDRA image/x-coreldraw
+
+# AAC (aka MPEG-2 NBC)
+0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS
+0 string ADIF audio/X-HX-AAC-ADIF
+0 beshort&0xffe0 0x56e0 audio/MP4A-LATM
+0 beshort 0x4De1 audio/MP4A-LATM
+
+# MPEG Layer 3 sound files
+0 beshort&0xfffe =0xfffa audio/mpeg
+#MP3 with ID3 tag
+0 string ID3 audio/mpeg
+# Ogg/Vorbis
+0 string OggS application/ogg
+
+#------------------------------------------------------------------------------
+# c-lang: file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0 string /*\ XPM image/x-xpmi 7bit
+
+# 3DS (3d Studio files)
+#16 beshort 0x3d3d image/x-3ds
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+# C or REXX program text
+#0 string /* text/x-c
+# C++ program text
+#0 string // text/x-c++
+
+#------------------------------------------------------------------------------
+# commands: file(1) magic for various shells and interpreters
+#
+#0 string :\ shell archive or commands for antique kernel text
+0 string #!/bin/sh application/x-shellscript
+0 string #!\ /bin/sh application/x-shellscript
+0 string #!/bin/csh application/x-shellscript
+0 string #!\ /bin/csh application/x-shellscript
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0 string #!/bin/ksh application/x-shellscript
+0 string #!\ /bin/ksh application/x-shellscript
+0 string #!/bin/tcsh application/x-shellscript
+0 string #!\ /bin/tcsh application/x-shellscript
+0 string #!/usr/local/tcsh application/x-shellscript
+0 string #!\ /usr/local/tcsh application/x-shellscript
+0 string #!/usr/local/bin/tcsh application/x-shellscript
+0 string #!\ /usr/local/bin/tcsh application/x-shellscript
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0 string #!/bin/bash application/x-shellscript
+0 string #!\ /bin/bash application/x-shellscript
+0 string #!/usr/local/bin/bash application/x-shellscript
+0 string #!\ /usr/local/bin/bash application/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0 string #!/bin/zsh application/x-shellscript
+0 string #!/usr/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/zsh application/x-shellscript
+0 string #!\ /usr/local/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/ash application/x-shellscript
+0 string #!\ /usr/local/bin/ash application/x-shellscript
+#0 string #!/usr/local/bin/ae Neil Brown's ae
+#0 string #!\ /usr/local/bin/ae Neil Brown's ae
+0 string #!/bin/nawk application/x-nawk
+0 string #!\ /bin/nawk application/x-nawk
+0 string #!/usr/bin/nawk application/x-nawk
+0 string #!\ /usr/bin/nawk application/x-nawk
+0 string #!/usr/local/bin/nawk application/x-nawk
+0 string #!\ /usr/local/bin/nawk application/x-nawk
+0 string #!/bin/gawk application/x-gawk
+0 string #!\ /bin/gawk application/x-gawk
+0 string #!/usr/bin/gawk application/x-gawk
+0 string #!\ /usr/bin/gawk application/x-gawk
+0 string #!/usr/local/bin/gawk application/x-gawk
+0 string #!\ /usr/local/bin/gawk application/x-gawk
+#
+0 string #!/bin/awk application/x-awk
+0 string #!\ /bin/awk application/x-awk
+0 string #!/usr/bin/awk application/x-awk
+0 string #!\ /usr/bin/awk application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+#0 regex BEGIN[[:space:]]*[{] application/x-awk
+
+# For Larry Wall's perl language. The ``eval'' line recognizes an
+# outrageously clever hack for USG systems.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+0 string #!/bin/perl application/x-perl
+0 string #!\ /bin/perl application/x-perl
+0 string eval\ "exec\ /bin/perl application/x-perl
+0 string #!/usr/bin/perl application/x-perl
+0 string #!\ /usr/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/bin/perl application/x-perl
+0 string #!/usr/local/bin/perl application/x-perl
+0 string #!\ /usr/local/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/local/bin/perl application/x-perl
+
+#------------------------------------------------------------------------------
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+#0 string \037\235 application/x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+#0 string \037\213 application/x-gzip
+
+0 string PK\003\004 application/x-zip
+
+# RAR archiver (Greg Roelofs, newt@uchicago.edu)
+0 string Rar! application/x-rar
+
+# According to gzip.h, this is the correct byte order for packed data.
+0 string \037\036 application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0 short 017437 application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0 short 0x1fff application/octet-stream
+0 string \377\037 application/octet-stream
+# huf output
+0 short 0145405 application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats. Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+#0 leshort 0x76FF squeezed data (CP/M, DOS)
+#0 leshort 0x76FE crunched data (CP/M, DOS)
+
+# Freeze
+#0 string \037\237 Frozen file 2.1
+#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0 string \037\240 LZH compressed data
+
+257 string ustar\0 application/x-tar posix
+257 string ustar\040\040\0 application/x-tar gnu
+
+0 short 070707 application/x-cpio
+0 short 0143561 application/x-cpio swapped
+
+0 string =<ar> application/x-archive
+0 string \!<arch> application/x-archive
+>8 string debian application/x-debian-package
+
+#------------------------------------------------------------------------------
+#
+# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com)
+#
+0 beshort 0xedab
+>2 beshort 0xeedb application/x-rpm
+
+0 lelong&0x8080ffff 0x0000081a application/x-arc lzw
+0 lelong&0x8080ffff 0x0000091a application/x-arc squashed
+0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed
+0 lelong&0x8080ffff 0x0000031a application/x-arc packed
+0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed
+0 lelong&0x8080ffff 0x0000061a application/x-arc crunched
+
+0 leshort 0xea60 application/x-arj
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+2 string -lh0- application/x-lharc lh0
+2 string -lh1- application/x-lharc lh1
+2 string -lz4- application/x-lharc lz4
+2 string -lz5- application/x-lharc lz5
+# [never seen any but the last; -lh4- reported in comp.compression:]
+2 string -lzs- application/x-lha lzs
+2 string -lh\ - application/x-lha lh
+2 string -lhd- application/x-lha lhd
+2 string -lh2- application/x-lha lh2
+2 string -lh3- application/x-lha lh3
+2 string -lh4- application/x-lha lh4
+2 string -lh5- application/x-lha lh5
+2 string -lh6- application/x-lha lh6
+2 string -lh7- application/x-lha lh7
+# Shell archives
+10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell
+
+#------------------------------------------------------------------------------
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+#------------------------------------------------------------------------------
+# html: file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+#
+0 string/cB \<!DOCTYPE\ html text/html
+0 string/cb \<head text/html
+0 string/cb \<title text/html
+0 string/bc \<html text/html
+0 string \<!-- text/html
+0 string/c \<h1 text/html
+
+0 string \<?xml text/xml
+
+#------------------------------------------------------------------------------
+# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR: what the hell is this doing in here?]
+#0 string xbtoa btoa'd file
+
+# PBMPLUS
+# PBM file
+0 string P1 image/x-portable-bitmap 7bit
+# PGM file
+0 string P2 image/x-portable-greymap 7bit
+# PPM file
+0 string P3 image/x-portable-pixmap 7bit
+# PBM "rawbits" file
+0 string P4 image/x-portable-bitmap
+# PGM "rawbits" file
+0 string P5 image/x-portable-greymap
+# PPM "rawbits" file
+0 string P6 image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR: this *must* go before TIFF]
+0 string IIN1 image/x-niff
+
+# TIFF and friends
+# TIFF file, big-endian
+0 string MM image/tiff
+# TIFF file, little-endian
+0 string II image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+# ZIF image (GIF+deflate alpha)
+0 string GIF94z image/unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+# FGF image (GIF+deflate beta)
+0 string FGF95a image/unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+# PBF image (deflate compression)
+0 string PBF image/unknown
+
+# GIF
+0 string GIF image/gif
+
+# JPEG images
+0 beshort 0xffd8 image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
+0 string BM image/x-ms-bmp
+#>14 byte 12 (OS/2 1.x format)
+#>14 byte 64 (OS/2 2.x format)
+#>14 byte 40 (Windows 3.x format)
+#0 string IC icon
+#0 string PI pointer
+#0 string CI color icon
+#0 string CP color pointer
+#0 string BA bitmap array
+
+# CDROM Filesystems
+32769 string CD001 application/x-iso9660
+
+# Newer StuffIt archives (grant@netbsd.org)
+0 string StuffIt application/x-stuffit
+#>162 string >0 : %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40
+##>41 string x \b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Received: message/rfc822
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \320\317\021\340\241\261 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2 string \000\021 application/x-tex-tfm
+2 string \000\022 application/x-tex-tfm
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string \\input\ texinfo text/x-texinfo
+0 string This\ is\ Info\ file text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf text/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+# MPEG sequences
+0 belong 0x000001BA
+>4 byte &0x40 video/mp2p
+>4 byte ^0x40 video/mpeg
+0 belong 0x000001BB video/mpeg
+0 belong 0x000001B0 video/mp4v-es
+0 belong 0x000001B5 video/mp4v-es
+0 belong 0x000001B3 video/mpv
+0 belong&0xFF5FFF1F 0x47400010 video/mp2t
+0 belong 0x00000001
+>4 byte&0x1F 0x07 video/h264
+
+# FLI animation format
+0 leshort 0xAF11 video/fli
+# FLC animation format
+0 leshort 0xAF12 video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0 string MOVI video/sgi
+4 string moov video/quicktime
+4 string mdat video/quicktime
+4 string wide video/quicktime
+4 string skip video/quicktime
+4 string free video/quicktime
+4 string idsc image/x-quicktime
+4 string idat image/x-quicktime
+4 string pckg application/x-quicktime
+4 string/B jP image/jp2
+4 string ftyp
+>8 string isom video/mp4
+>8 string mp41 video/mp4
+>8 string mp42 video/mp4
+>8 string/B jp2 image/jp2
+>8 string 3gp video/3gpp
+>8 string avc1 video/3gpp
+>8 string mmp4 video/mp4
+>8 string/B M4A audio/mp4
+>8 string/B qt video/quicktime
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+# Will be maintained as part of the GDBM distribution in the future.
+# <downsj@teeny.org>
+0 belong 0x13579ace application/x-gdbm
+0 lelong 0x13579ace application/x-gdbm
+0 string GDBM application/x-gdbm
+#
+0 belong 0x061561 application/x-dbm
+#
+# Executables
+#
+0 string \177ELF
+>16 leshort 0 application/octet-stream
+>16 leshort 1 application/x-object
+>16 leshort 2 application/x-executable
+>16 leshort 3 application/x-sharedlib
+>16 leshort 4 application/x-coredump
+>16 beshort 0 application/octet-stream
+>16 beshort 1 application/x-object
+>16 beshort 2 application/x-executable
+>16 beshort 3 application/x-sharedlib
+>16 beshort 4 application/x-coredump
+#
+# DOS
+0 string MZ application/x-dosexec
+#
+# KDE
+0 string [KDE\ Desktop\ Entry] application/x-kdelnk
+0 string \#\ KDE\ Config\ File application/x-kdelnk
+# xmcd database file for kscd
+0 string \#\ xmcd text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd: file(1) magic for SysV R4 PKG Datastreams
+#
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+#PNG Image Format
+0 string \x89PNG image/png
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0 string \x8aMNG video/x-mng
+0 string \x8aJNG video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0 belong 0x0e031301 application/x-hdf
+#Hierarchical Data Format (version 5) data
+0 string \211HDF\r\n\032 application/x-hdf
+
+# Adobe Photoshop
+0 string 8BPS image/x-photoshop
+
+# Felix von Leitner <felix-file@fefe.de>
+0 string d8:announce application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0 belong 0x00001a00 application/x-123
+0 belong 0x00000200 application/x-123
+
+# MS Access database
+4 string Standard\ Jet\ DB application/msaccess
+
+## magic for XBase files
+#0 byte 0x02
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x03
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x04
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x05
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x30
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x43
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x7b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x83
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8e
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xb3
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xf5
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 leshort 0x0006 application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp: file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0 beshort 0x9900 application/pgp
+#text/PGP key security ring
+0 beshort 0x9501 application/pgp
+#text/PGP key security ring
+0 beshort 0x9500 application/pgp
+#text/PGP encrypted data
+0 beshort 0xa600 application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
+0 string -----BEGIN\040PGP\40MESSAGE- application/pgp
+0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature
+#
+# GnuPG Magic:
+#
+#
+#text/GnuPG key public ring
+0 beshort 0x9901 application/pgp
+#text/OpenPGP data
+0 beshort 0x8501 application/pgp-encrypted
+
+# flash: file(1) magic for Macromedia Flash file format
+#
+# See
+#
+# http://www.macromedia.com/software/flash/open/
+#
+0 string FWS
+>3 byte x application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+# <http://www.namazu.org/>
+#
+# 1999/08/13
+#0 string \<!--\ MHonArc text/html; x-type=mhonarc
+0 string BZh application/x-bzip2
+
+# 1999/09/09
+# VRML (suggested by Masao Takaku)
+0 string #VRML\ V1.0\ ascii model/vrml
+0 string #VRML\ V2.0\ utf8 model/vrml
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0 string DOC
+>43 byte 0x14 application/ichitaro4
+>144 string JDASH application/ichitaro4
+
+0 string DOC
+>43 byte 0x15 application/ichitaro5
+
+0 string DOC
+>43 byte 0x16 application/ichitaro6
+
+#------------------------------------------------------------------------------
+# office97: file(1) magic for MicroSoft Office files
+#
+# Contributor kenzo-:
+# Reversed-engineered MS Office magic numbers
+#
+
+#0 string \320\317\021\340\241\261\032\341
+#>48 byte 0x1B application/excel
+
+2080 string Microsoft\ Excel\ 5.0\ Worksheet application/excel
+2114 string Biff5 application/excel
+
+0 string \224\246\056 application/msword
+
+0 belong 0x31be0000 application/msword
+
+0 string PO^Q` application/msword
+
+0 string \320\317\021\340\241\261\032\341
+>546 string bjbj application/msword
+>546 string jbjb application/msword
+
+512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y application/msword
+
+2080 string Microsoft\ Word\ 6.0\ Document application/msword
+2080 string Documento\ Microsoft\ Word\ 6 application/msword
+2112 string MSWordDoc application/msword
+
+#0 string \320\317\021\340\241\261\032\341 application/powerpoint
+0 string \320\317\021\340\241\261\032\341 application/msword
+
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+
+# WinNT/WinCE PE files (Warner Losh, imp@village.org)
+#
+128 string PE\000\000 application/octet-stream
+0 string PE\000\000 application/octet-stream
+
+# miscellaneous formats
+0 string LZ application/octet-stream
+
+
+# .EXE formats (Greg Roelofs, newt@uchicago.edu)
+#
+0 string MZ
+>24 string @ application/octet-stream
+
+0 string MZ
+>30 string Copyright\ 1989-1990\ PKWARE\ Inc. application/x-zip
+
+0 string MZ
+>30 string PKLITE\ Copr. application/x-zip
+
+0 string MZ
+>36 string LHa's\ SFX application/x-lha
+
+0 string MZ application/octet-stream
+
+# LHA archiver
+2 string -lh
+>6 string - application/x-lha
+
+
+# Zoo archiver
+20 lelong 0xfdc4a7dc application/x-zoo
+
+# ARC archiver
+0 lelong&0x8080ffff 0x0000081a application/x-arc
+0 lelong&0x8080ffff 0x0000091a application/x-arc
+0 lelong&0x8080ffff 0x0000021a application/x-arc
+0 lelong&0x8080ffff 0x0000031a application/x-arc
+0 lelong&0x8080ffff 0x0000041a application/x-arc
+0 lelong&0x8080ffff 0x0000061a application/x-arc
+
+# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
+0 lelong 0x223e9f78 application/ms-tnef
+
+# From: stephane.loeuillet@tiscali.f
+# http://www.djvuzone.org/
+0 string AT&TFORM image/x.djvu
+
+# Danny Milosavljevic <danny.milo@gmx.net>
+# this are adrift (adventure game standard) game files, extension .taf
+# depending on version magic continues with 0x93453E6139FA (V 4.0)
+# 0x9445376139FA (V 3.90)
+# 0x9445366139FA (V 3.80)
+# this is from source (http://www.adrift.org.uk/) and I have some taf
+# files, and checked them.
+#0 belong 0x3C423FC9
+#>4 belong 0x6A87C2CF application/x-adrift
+#0 string \000\000\001\000 image/x-ico
+
+# Quark Xpress 3 Files:
+# (made the mimetype up)
+0 string \0\0MMXPR3\0 application/x-quark-xpress-3
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0 belong 0x1ee7ff00 application/x-eet
+
+# From: Denis Knauf, via gentoo.
+0 string fLaC audio/x-flac
+0 string CWS application/x-shockwave-flash
+
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39 string =<gmr:Workbook application/x-gnumeric
+
diff --git a/debian/config-dir/mods-available/access_compat.load b/debian/config-dir/mods-available/access_compat.load
new file mode 100644
index 0000000..83273df
--- /dev/null
+++ b/debian/config-dir/mods-available/access_compat.load
@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
diff --git a/debian/config-dir/mods-available/actions.conf b/debian/config-dir/mods-available/actions.conf
new file mode 100644
index 0000000..22e6f9f
--- /dev/null
+++ b/debian/config-dir/mods-available/actions.conf
@@ -0,0 +1,9 @@
+# a2enmod-note: needs-configuration
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
diff --git a/debian/config-dir/mods-available/actions.load b/debian/config-dir/mods-available/actions.load
new file mode 100644
index 0000000..4207df3
--- /dev/null
+++ b/debian/config-dir/mods-available/actions.load
@@ -0,0 +1 @@
+LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so
diff --git a/debian/config-dir/mods-available/alias.conf b/debian/config-dir/mods-available/alias.conf
new file mode 100644
index 0000000..ed12b2b
--- /dev/null
+++ b/debian/config-dir/mods-available/alias.conf
@@ -0,0 +1,19 @@
+# Aliases: Add here as many aliases as you need (with no limit). The format is
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL. So "/icons" isn't aliased in this
+# example, only "/icons/". If the fakename is slash-terminated, then the
+# realname must also be slash terminated, and if the fakename omits the
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
+
+Alias /icons/ "/usr/share/apache2/icons/"
+
+<Directory "/usr/share/apache2/icons">
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+</Directory>
diff --git a/debian/config-dir/mods-available/alias.load b/debian/config-dir/mods-available/alias.load
new file mode 100644
index 0000000..4cb7385
--- /dev/null
+++ b/debian/config-dir/mods-available/alias.load
@@ -0,0 +1 @@
+LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
diff --git a/debian/config-dir/mods-available/allowmethods.load b/debian/config-dir/mods-available/allowmethods.load
new file mode 100644
index 0000000..e5bbe59
--- /dev/null
+++ b/debian/config-dir/mods-available/allowmethods.load
@@ -0,0 +1 @@
+LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so
diff --git a/debian/config-dir/mods-available/asis.load b/debian/config-dir/mods-available/asis.load
new file mode 100644
index 0000000..6b73c45
--- /dev/null
+++ b/debian/config-dir/mods-available/asis.load
@@ -0,0 +1,2 @@
+# Depends: mime
+LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so
diff --git a/debian/config-dir/mods-available/auth_basic.load b/debian/config-dir/mods-available/auth_basic.load
new file mode 100644
index 0000000..5f3cd1c
--- /dev/null
+++ b/debian/config-dir/mods-available/auth_basic.load
@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
diff --git a/debian/config-dir/mods-available/auth_digest.load b/debian/config-dir/mods-available/auth_digest.load
new file mode 100644
index 0000000..4fa7a3e
--- /dev/null
+++ b/debian/config-dir/mods-available/auth_digest.load
@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
diff --git a/debian/config-dir/mods-available/auth_form.load b/debian/config-dir/mods-available/auth_form.load
new file mode 100644
index 0000000..91e9507
--- /dev/null
+++ b/debian/config-dir/mods-available/auth_form.load
@@ -0,0 +1,2 @@
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so
diff --git a/debian/config-dir/mods-available/authn_anon.load b/debian/config-dir/mods-available/authn_anon.load
new file mode 100644
index 0000000..331922a
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_anon.load
@@ -0,0 +1 @@
+LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so
diff --git a/debian/config-dir/mods-available/authn_core.load b/debian/config-dir/mods-available/authn_core.load
new file mode 100644
index 0000000..446074f
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_core.load
@@ -0,0 +1 @@
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
diff --git a/debian/config-dir/mods-available/authn_dbd.load b/debian/config-dir/mods-available/authn_dbd.load
new file mode 100644
index 0000000..d517af3
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_dbd.load
@@ -0,0 +1,2 @@
+# Depends: dbd
+LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so
diff --git a/debian/config-dir/mods-available/authn_dbm.load b/debian/config-dir/mods-available/authn_dbm.load
new file mode 100644
index 0000000..c39d41b
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_dbm.load
@@ -0,0 +1 @@
+LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so
diff --git a/debian/config-dir/mods-available/authn_file.load b/debian/config-dir/mods-available/authn_file.load
new file mode 100644
index 0000000..9f13b35
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_file.load
@@ -0,0 +1 @@
+LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
diff --git a/debian/config-dir/mods-available/authn_socache.load b/debian/config-dir/mods-available/authn_socache.load
new file mode 100644
index 0000000..786232d
--- /dev/null
+++ b/debian/config-dir/mods-available/authn_socache.load
@@ -0,0 +1 @@
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so
diff --git a/debian/config-dir/mods-available/authnz_fcgi.load b/debian/config-dir/mods-available/authnz_fcgi.load
new file mode 100644
index 0000000..69d757c
--- /dev/null
+++ b/debian/config-dir/mods-available/authnz_fcgi.load
@@ -0,0 +1 @@
+LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so
diff --git a/debian/config-dir/mods-available/authnz_ldap.load b/debian/config-dir/mods-available/authnz_ldap.load
new file mode 100644
index 0000000..c56d4dc
--- /dev/null
+++ b/debian/config-dir/mods-available/authnz_ldap.load
@@ -0,0 +1,2 @@
+# Depends: ldap
+LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
diff --git a/debian/config-dir/mods-available/authz_core.load b/debian/config-dir/mods-available/authz_core.load
new file mode 100644
index 0000000..5499bf3
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_core.load
@@ -0,0 +1 @@
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
diff --git a/debian/config-dir/mods-available/authz_dbd.load b/debian/config-dir/mods-available/authz_dbd.load
new file mode 100644
index 0000000..cf82cae
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_dbd.load
@@ -0,0 +1,2 @@
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so
diff --git a/debian/config-dir/mods-available/authz_dbm.load b/debian/config-dir/mods-available/authz_dbm.load
new file mode 100644
index 0000000..6db4831
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_dbm.load
@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so
diff --git a/debian/config-dir/mods-available/authz_groupfile.load b/debian/config-dir/mods-available/authz_groupfile.load
new file mode 100644
index 0000000..eda3d21
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_groupfile.load
@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
diff --git a/debian/config-dir/mods-available/authz_host.load b/debian/config-dir/mods-available/authz_host.load
new file mode 100644
index 0000000..f8cf87a
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_host.load
@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
diff --git a/debian/config-dir/mods-available/authz_owner.load b/debian/config-dir/mods-available/authz_owner.load
new file mode 100644
index 0000000..cbad3b5
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_owner.load
@@ -0,0 +1 @@
+LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so
diff --git a/debian/config-dir/mods-available/authz_user.load b/debian/config-dir/mods-available/authz_user.load
new file mode 100644
index 0000000..e47c40c
--- /dev/null
+++ b/debian/config-dir/mods-available/authz_user.load
@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
diff --git a/debian/config-dir/mods-available/autoindex.conf b/debian/config-dir/mods-available/autoindex.conf
new file mode 100644
index 0000000..e53c391
--- /dev/null
+++ b/debian/config-dir/mods-available/autoindex.conf
@@ -0,0 +1,91 @@
+# Directives controlling the display of server-generated directory listings.
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+# It's a suffix rule, so simply matching "core" matches "score" as well !
+AddIcon /icons/bomb.gif /core
+AddIcon (SND,/icons/sound2.gif) .ogg
+AddIcon (VID,/icons/movie.gif) .ogm
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+# Default icons for OpenDocument format
+AddIcon /icons/odf6odt-20x22.png .odt
+AddIcon /icons/odf6ods-20x22.png .ods
+AddIcon /icons/odf6odp-20x22.png .odp
+AddIcon /icons/odf6odg-20x22.png .odg
+AddIcon /icons/odf6odc-20x22.png .odc
+AddIcon /icons/odf6odf-20x22.png .odf
+AddIcon /icons/odf6odb-20x22.png .odb
+AddIcon /icons/odf6odi-20x22.png .odi
+AddIcon /icons/odf6odm-20x22.png .odm
+
+AddIcon /icons/odf6ott-20x22.png .ott
+AddIcon /icons/odf6ots-20x22.png .ots
+AddIcon /icons/odf6otp-20x22.png .otp
+AddIcon /icons/odf6otg-20x22.png .otg
+AddIcon /icons/odf6otc-20x22.png .otc
+AddIcon /icons/odf6otf-20x22.png .otf
+AddIcon /icons/odf6oti-20x22.png .oti
+AddIcon /icons/odf6oth-20x22.png .oth
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+IndexIgnore .??* *~ *# RCS CVS *,v *,t
diff --git a/debian/config-dir/mods-available/autoindex.load b/debian/config-dir/mods-available/autoindex.load
new file mode 100644
index 0000000..82328b9
--- /dev/null
+++ b/debian/config-dir/mods-available/autoindex.load
@@ -0,0 +1 @@
+LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so
diff --git a/debian/config-dir/mods-available/brotli.load b/debian/config-dir/mods-available/brotli.load
new file mode 100644
index 0000000..ebd48ed
--- /dev/null
+++ b/debian/config-dir/mods-available/brotli.load
@@ -0,0 +1 @@
+LoadModule brotli_module /usr/lib/apache2/modules/mod_brotli.so
diff --git a/debian/config-dir/mods-available/buffer.load b/debian/config-dir/mods-available/buffer.load
new file mode 100644
index 0000000..f5e7423
--- /dev/null
+++ b/debian/config-dir/mods-available/buffer.load
@@ -0,0 +1 @@
+LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so
diff --git a/debian/config-dir/mods-available/cache.load b/debian/config-dir/mods-available/cache.load
new file mode 100644
index 0000000..e3189a0
--- /dev/null
+++ b/debian/config-dir/mods-available/cache.load
@@ -0,0 +1 @@
+LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so
diff --git a/debian/config-dir/mods-available/cache_disk.conf b/debian/config-dir/mods-available/cache_disk.conf
new file mode 100644
index 0000000..8625539
--- /dev/null
+++ b/debian/config-dir/mods-available/cache_disk.conf
@@ -0,0 +1,21 @@
+# cache cleaning is done by htcacheclean, which can be configured in
+# /etc/default/apache2
+#
+# For further information, see the comments in that file,
+# /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+# man page.
+
+# This path must be the same as the one in /etc/default/apache2
+CacheRoot /var/cache/apache2/mod_cache_disk
+
+# This will also cache local documents. It usually makes more sense to
+# put this into the configuration for just one virtual host.
+#CacheEnable disk /
+
+
+# The result of CacheDirLevels * CacheDirLength must not be higher than
+# 20. Moreover, pay attention on file system limits. Some file systems
+# do not support more than a certain number of inodes and
+# subdirectories (e.g. 32000 for ext3)
+CacheDirLevels 2
+CacheDirLength 1
diff --git a/debian/config-dir/mods-available/cache_disk.load b/debian/config-dir/mods-available/cache_disk.load
new file mode 100644
index 0000000..3b641a1
--- /dev/null
+++ b/debian/config-dir/mods-available/cache_disk.load
@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so
diff --git a/debian/config-dir/mods-available/cache_socache.load b/debian/config-dir/mods-available/cache_socache.load
new file mode 100644
index 0000000..47a3dcb
--- /dev/null
+++ b/debian/config-dir/mods-available/cache_socache.load
@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so
diff --git a/debian/config-dir/mods-available/cern_meta.load b/debian/config-dir/mods-available/cern_meta.load
new file mode 100644
index 0000000..bcc7546
--- /dev/null
+++ b/debian/config-dir/mods-available/cern_meta.load
@@ -0,0 +1 @@
+LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so
diff --git a/debian/config-dir/mods-available/cgi.load b/debian/config-dir/mods-available/cgi.load
new file mode 100644
index 0000000..1be9048
--- /dev/null
+++ b/debian/config-dir/mods-available/cgi.load
@@ -0,0 +1 @@
+LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
diff --git a/debian/config-dir/mods-available/cgid.conf b/debian/config-dir/mods-available/cgid.conf
new file mode 100644
index 0000000..2f22b70
--- /dev/null
+++ b/debian/config-dir/mods-available/cgid.conf
@@ -0,0 +1,2 @@
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/socks/cgisock
diff --git a/debian/config-dir/mods-available/cgid.load b/debian/config-dir/mods-available/cgid.load
new file mode 100644
index 0000000..e036f7d
--- /dev/null
+++ b/debian/config-dir/mods-available/cgid.load
@@ -0,0 +1 @@
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
diff --git a/debian/config-dir/mods-available/charset_lite.load b/debian/config-dir/mods-available/charset_lite.load
new file mode 100644
index 0000000..f137a57
--- /dev/null
+++ b/debian/config-dir/mods-available/charset_lite.load
@@ -0,0 +1 @@
+LoadModule charset_lite_module /usr/lib/apache2/modules/mod_charset_lite.so
diff --git a/debian/config-dir/mods-available/data.load b/debian/config-dir/mods-available/data.load
new file mode 100644
index 0000000..ef488a4
--- /dev/null
+++ b/debian/config-dir/mods-available/data.load
@@ -0,0 +1 @@
+LoadModule data_module /usr/lib/apache2/modules/mod_data.so
diff --git a/debian/config-dir/mods-available/dav.load b/debian/config-dir/mods-available/dav.load
new file mode 100644
index 0000000..a5867ff
--- /dev/null
+++ b/debian/config-dir/mods-available/dav.load
@@ -0,0 +1,3 @@
+<IfModule !mod_dav.c>
+ LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
+</IfModule>
diff --git a/debian/config-dir/mods-available/dav_fs.conf b/debian/config-dir/mods-available/dav_fs.conf
new file mode 100644
index 0000000..c7130c2
--- /dev/null
+++ b/debian/config-dir/mods-available/dav_fs.conf
@@ -0,0 +1 @@
+DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
diff --git a/debian/config-dir/mods-available/dav_fs.load b/debian/config-dir/mods-available/dav_fs.load
new file mode 100644
index 0000000..ba2a3f8
--- /dev/null
+++ b/debian/config-dir/mods-available/dav_fs.load
@@ -0,0 +1,2 @@
+# Depends: dav
+LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
diff --git a/debian/config-dir/mods-available/dav_lock.load b/debian/config-dir/mods-available/dav_lock.load
new file mode 100644
index 0000000..ba0703e
--- /dev/null
+++ b/debian/config-dir/mods-available/dav_lock.load
@@ -0,0 +1 @@
+LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so
diff --git a/debian/config-dir/mods-available/dbd.load b/debian/config-dir/mods-available/dbd.load
new file mode 100644
index 0000000..5495f2a
--- /dev/null
+++ b/debian/config-dir/mods-available/dbd.load
@@ -0,0 +1 @@
+LoadModule dbd_module /usr/lib/apache2/modules/mod_dbd.so
diff --git a/debian/config-dir/mods-available/deflate.conf b/debian/config-dir/mods-available/deflate.conf
new file mode 100644
index 0000000..440a68b
--- /dev/null
+++ b/debian/config-dir/mods-available/deflate.conf
@@ -0,0 +1,7 @@
+<IfModule mod_filter.c>
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/wasm
+ AddOutputFilterByType DEFLATE application/xml
+</IfModule>
diff --git a/debian/config-dir/mods-available/deflate.load b/debian/config-dir/mods-available/deflate.load
new file mode 100644
index 0000000..3873ffc
--- /dev/null
+++ b/debian/config-dir/mods-available/deflate.load
@@ -0,0 +1,2 @@
+# Depends: filter
+LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
diff --git a/debian/config-dir/mods-available/dialup.load b/debian/config-dir/mods-available/dialup.load
new file mode 100644
index 0000000..3c4a636
--- /dev/null
+++ b/debian/config-dir/mods-available/dialup.load
@@ -0,0 +1 @@
+LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so
diff --git a/debian/config-dir/mods-available/dir.conf b/debian/config-dir/mods-available/dir.conf
new file mode 100644
index 0000000..c0a462b
--- /dev/null
+++ b/debian/config-dir/mods-available/dir.conf
@@ -0,0 +1 @@
+DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
diff --git a/debian/config-dir/mods-available/dir.load b/debian/config-dir/mods-available/dir.load
new file mode 100644
index 0000000..e5b5d92
--- /dev/null
+++ b/debian/config-dir/mods-available/dir.load
@@ -0,0 +1 @@
+LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
diff --git a/debian/config-dir/mods-available/dump_io.load b/debian/config-dir/mods-available/dump_io.load
new file mode 100644
index 0000000..561c24b
--- /dev/null
+++ b/debian/config-dir/mods-available/dump_io.load
@@ -0,0 +1 @@
+LoadModule dumpio_module /usr/lib/apache2/modules/mod_dumpio.so
diff --git a/debian/config-dir/mods-available/echo.load b/debian/config-dir/mods-available/echo.load
new file mode 100644
index 0000000..42cae85
--- /dev/null
+++ b/debian/config-dir/mods-available/echo.load
@@ -0,0 +1 @@
+LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so
diff --git a/debian/config-dir/mods-available/env.load b/debian/config-dir/mods-available/env.load
new file mode 100644
index 0000000..8bf608d
--- /dev/null
+++ b/debian/config-dir/mods-available/env.load
@@ -0,0 +1 @@
+LoadModule env_module /usr/lib/apache2/modules/mod_env.so
diff --git a/debian/config-dir/mods-available/expires.load b/debian/config-dir/mods-available/expires.load
new file mode 100644
index 0000000..092acab
--- /dev/null
+++ b/debian/config-dir/mods-available/expires.load
@@ -0,0 +1 @@
+LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
diff --git a/debian/config-dir/mods-available/ext_filter.load b/debian/config-dir/mods-available/ext_filter.load
new file mode 100644
index 0000000..b3a1596
--- /dev/null
+++ b/debian/config-dir/mods-available/ext_filter.load
@@ -0,0 +1 @@
+LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so
diff --git a/debian/config-dir/mods-available/file_cache.load b/debian/config-dir/mods-available/file_cache.load
new file mode 100644
index 0000000..32c0a56
--- /dev/null
+++ b/debian/config-dir/mods-available/file_cache.load
@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so
diff --git a/debian/config-dir/mods-available/filter.load b/debian/config-dir/mods-available/filter.load
new file mode 100644
index 0000000..94c4270
--- /dev/null
+++ b/debian/config-dir/mods-available/filter.load
@@ -0,0 +1 @@
+LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
diff --git a/debian/config-dir/mods-available/headers.load b/debian/config-dir/mods-available/headers.load
new file mode 100644
index 0000000..e4497e5
--- /dev/null
+++ b/debian/config-dir/mods-available/headers.load
@@ -0,0 +1 @@
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
diff --git a/debian/config-dir/mods-available/heartbeat.load b/debian/config-dir/mods-available/heartbeat.load
new file mode 100644
index 0000000..208686c
--- /dev/null
+++ b/debian/config-dir/mods-available/heartbeat.load
@@ -0,0 +1,3 @@
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so
diff --git a/debian/config-dir/mods-available/heartmonitor.load b/debian/config-dir/mods-available/heartmonitor.load
new file mode 100644
index 0000000..e5deba7
--- /dev/null
+++ b/debian/config-dir/mods-available/heartmonitor.load
@@ -0,0 +1,3 @@
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so
diff --git a/debian/config-dir/mods-available/http2.conf b/debian/config-dir/mods-available/http2.conf
new file mode 100644
index 0000000..612baa5
--- /dev/null
+++ b/debian/config-dir/mods-available/http2.conf
@@ -0,0 +1,30 @@
+Protocols h2 h2c http/1.1
+
+# # HTTP/2 push configuration
+#
+# H2Push on
+#
+# # Default Priority Rule
+#
+# H2PushPriority * After 16
+#
+# # More complex ruleset:
+#
+# H2PushPriority * after
+# H2PushPriority text/css before
+# H2PushPriority image/jpeg after 32
+# H2PushPriority image/png after 32
+# H2PushPriority application/javascript interleaved
+#
+# # Configure some stylesheet and script to be pushed by the webserver
+#
+# <FilesMatch "\.html$">
+# Header add Link "</style.css>; rel=preload; as=style"
+# Header add Link "</script.js>; rel=preload; as=script"
+# </FilesMatch>
+# Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+# you may want to change your LogFormat directive as follow:
+#
+# LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+# LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %l %u %t \"%r\" %>s %B" common
diff --git a/debian/config-dir/mods-available/http2.load b/debian/config-dir/mods-available/http2.load
new file mode 100644
index 0000000..e5c769f
--- /dev/null
+++ b/debian/config-dir/mods-available/http2.load
@@ -0,0 +1 @@
+LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so
diff --git a/debian/config-dir/mods-available/ident.load b/debian/config-dir/mods-available/ident.load
new file mode 100644
index 0000000..f7c4c3c
--- /dev/null
+++ b/debian/config-dir/mods-available/ident.load
@@ -0,0 +1 @@
+LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so
diff --git a/debian/config-dir/mods-available/imagemap.load b/debian/config-dir/mods-available/imagemap.load
new file mode 100644
index 0000000..0fd55f8
--- /dev/null
+++ b/debian/config-dir/mods-available/imagemap.load
@@ -0,0 +1 @@
+LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so
diff --git a/debian/config-dir/mods-available/include.load b/debian/config-dir/mods-available/include.load
new file mode 100644
index 0000000..dc4359a
--- /dev/null
+++ b/debian/config-dir/mods-available/include.load
@@ -0,0 +1,2 @@
+# Depends: mime
+LoadModule include_module /usr/lib/apache2/modules/mod_include.so
diff --git a/debian/config-dir/mods-available/info.conf b/debian/config-dir/mods-available/info.conf
new file mode 100644
index 0000000..cf79351
--- /dev/null
+++ b/debian/config-dir/mods-available/info.conf
@@ -0,0 +1,9 @@
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+#
+<Location /server-info>
+ SetHandler server-info
+ Require local
+ #Require ip 192.0.2.0/24
+</Location>
diff --git a/debian/config-dir/mods-available/info.load b/debian/config-dir/mods-available/info.load
new file mode 100644
index 0000000..c71efcc
--- /dev/null
+++ b/debian/config-dir/mods-available/info.load
@@ -0,0 +1 @@
+LoadModule info_module /usr/lib/apache2/modules/mod_info.so
diff --git a/debian/config-dir/mods-available/lbmethod_bybusyness.load b/debian/config-dir/mods-available/lbmethod_bybusyness.load
new file mode 100644
index 0000000..cf894a3
--- /dev/null
+++ b/debian/config-dir/mods-available/lbmethod_bybusyness.load
@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so
diff --git a/debian/config-dir/mods-available/lbmethod_byrequests.load b/debian/config-dir/mods-available/lbmethod_byrequests.load
new file mode 100644
index 0000000..cdd8fc5
--- /dev/null
+++ b/debian/config-dir/mods-available/lbmethod_byrequests.load
@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so
diff --git a/debian/config-dir/mods-available/lbmethod_bytraffic.load b/debian/config-dir/mods-available/lbmethod_bytraffic.load
new file mode 100644
index 0000000..dabbe72
--- /dev/null
+++ b/debian/config-dir/mods-available/lbmethod_bytraffic.load
@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so
diff --git a/debian/config-dir/mods-available/lbmethod_heartbeat.load b/debian/config-dir/mods-available/lbmethod_heartbeat.load
new file mode 100644
index 0000000..2200f3a
--- /dev/null
+++ b/debian/config-dir/mods-available/lbmethod_heartbeat.load
@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so
diff --git a/debian/config-dir/mods-available/ldap.conf b/debian/config-dir/mods-available/ldap.conf
new file mode 100644
index 0000000..470d5c8
--- /dev/null
+++ b/debian/config-dir/mods-available/ldap.conf
@@ -0,0 +1,4 @@
+<Location /ldap-status>
+ SetHandler ldap-status
+ Require local
+</Location>
diff --git a/debian/config-dir/mods-available/ldap.load b/debian/config-dir/mods-available/ldap.load
new file mode 100644
index 0000000..f9d38a3
--- /dev/null
+++ b/debian/config-dir/mods-available/ldap.load
@@ -0,0 +1 @@
+LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
diff --git a/debian/config-dir/mods-available/log_debug.load b/debian/config-dir/mods-available/log_debug.load
new file mode 100644
index 0000000..1a27fa8
--- /dev/null
+++ b/debian/config-dir/mods-available/log_debug.load
@@ -0,0 +1 @@
+LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so
diff --git a/debian/config-dir/mods-available/log_forensic.load b/debian/config-dir/mods-available/log_forensic.load
new file mode 100644
index 0000000..9116a3d
--- /dev/null
+++ b/debian/config-dir/mods-available/log_forensic.load
@@ -0,0 +1 @@
+LoadModule log_forensic_module /usr/lib/apache2/modules/mod_log_forensic.so
diff --git a/debian/config-dir/mods-available/lua.load b/debian/config-dir/mods-available/lua.load
new file mode 100644
index 0000000..0b639f5
--- /dev/null
+++ b/debian/config-dir/mods-available/lua.load
@@ -0,0 +1 @@
+LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so
diff --git a/debian/config-dir/mods-available/macro.load b/debian/config-dir/mods-available/macro.load
new file mode 100644
index 0000000..3a72864
--- /dev/null
+++ b/debian/config-dir/mods-available/macro.load
@@ -0,0 +1 @@
+LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so
diff --git a/debian/config-dir/mods-available/md.load b/debian/config-dir/mods-available/md.load
new file mode 100644
index 0000000..812a6a6
--- /dev/null
+++ b/debian/config-dir/mods-available/md.load
@@ -0,0 +1 @@
+LoadModule md_module /usr/lib/apache2/modules/mod_md.so
diff --git a/debian/config-dir/mods-available/mime.conf b/debian/config-dir/mods-available/mime.conf
new file mode 100644
index 0000000..1f593b9
--- /dev/null
+++ b/debian/config-dir/mods-available/mime.conf
@@ -0,0 +1,246 @@
+#
+# TypesConfig points to the file containing the list of mappings from
+# filename extension to MIME-type.
+#
+TypesConfig /etc/mime.types
+
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-gzip .tgz
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have
+# nothing to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+#AddEncoding x-bzip2 .bz2
+#
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-bzip2 .bz2
+
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage am .amh
+AddLanguage ar .ara
+AddLanguage be .be
+AddLanguage bg .bg
+AddLanguage bn .bn
+AddLanguage br .br
+AddLanguage bs .bs
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage cy .cy
+AddLanguage da .da
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage dz .dz
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+# es is ecmascript in /etc/mime.types
+RemoveType es
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage eu .eu
+AddLanguage fa .fa
+AddLanguage fi .fi
+AddLanguage fr .fr
+AddLanguage ga .ga
+AddLanguage gl .glg
+AddLanguage gu .gu
+AddLanguage he .he
+AddLanguage hi .hi
+AddLanguage hr .hr
+AddLanguage hu .hu
+AddLanguage hy .hy
+AddLanguage id .id
+AddLanguage is .is
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ka .ka
+AddLanguage kk .kk
+AddLanguage km .km
+AddLanguage kn .kn
+AddLanguage ko .ko
+AddLanguage ku .ku
+AddLanguage lo .lo
+AddLanguage lt .lt
+AddLanguage ltz .ltz
+AddLanguage lv .lv
+AddLanguage mg .mg
+AddLanguage mk .mk
+AddLanguage ml .ml
+AddLanguage mr .mr
+AddLanguage ms .msa
+AddLanguage nb .nob
+AddLanguage ne .ne
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pa .pa
+AddLanguage pl .po
+AddLanguage pt-BR .pt-br
+AddLanguage pt .pt
+AddLanguage ro .ro
+AddLanguage ru .ru
+AddLanguage sa .sa
+AddLanguage se .se
+AddLanguage si .si
+AddLanguage sk .sk
+AddLanguage sl .sl
+AddLanguage sq .sq
+AddLanguage sr .sr
+AddLanguage sv .sv
+AddLanguage ta .ta
+AddLanguage te .te
+AddLanguage th .th
+AddLanguage tl .tl
+RemoveType tr
+# tr is troff in /etc/mime.types
+AddLanguage tr .tr
+AddLanguage uk .uk
+AddLanguage ur .ur
+AddLanguage vi .vi
+AddLanguage wo .wo
+AddLanguage xh .xh
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset us-ascii .ascii .us-ascii
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+AddCharset ISO-8859-10 .iso8859-10 .latin6
+AddCharset ISO-8859-13 .iso8859-13
+AddCharset ISO-8859-14 .iso8859-14 .latin8
+AddCharset ISO-8859-15 .iso8859-15 .latin9
+AddCharset ISO-8859-16 .iso8859-16 .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5 .Big5 .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8 .koi8
+AddCharset KOI8-E .koi8-e
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-U .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7 .utf7
+AddCharset UTF-8 .utf8
+AddCharset UTF-16 .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32 .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn .euc-cn
+AddCharset euc-gb .euc-gb
+AddCharset euc-jp .euc-jp
+AddCharset euc-kr .euc-kr
+#Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW .euc-tw
+AddCharset gb2312 .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis .shift_jis .sjis
+AddCharset BRF .brf
+
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+#AddHandler cgi-script .cgi
+
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
+
+#
+# For server-parsed imagemap files:
+#
+#AddHandler imap-file map
+
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+# to be distributed in multiple languages.)
+#
+AddHandler type-map var
+
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+AddType text/html .shtml
+<IfModule mod_include.c>
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
diff --git a/debian/config-dir/mods-available/mime.load b/debian/config-dir/mods-available/mime.load
new file mode 100644
index 0000000..d908fd6
--- /dev/null
+++ b/debian/config-dir/mods-available/mime.load
@@ -0,0 +1 @@
+LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
diff --git a/debian/config-dir/mods-available/mime_magic.conf b/debian/config-dir/mods-available/mime_magic.conf
new file mode 100644
index 0000000..0658c3d
--- /dev/null
+++ b/debian/config-dir/mods-available/mime_magic.conf
@@ -0,0 +1 @@
+MIMEMagicFile /etc/apache2/magic
diff --git a/debian/config-dir/mods-available/mime_magic.load b/debian/config-dir/mods-available/mime_magic.load
new file mode 100644
index 0000000..42357db
--- /dev/null
+++ b/debian/config-dir/mods-available/mime_magic.load
@@ -0,0 +1 @@
+LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so
diff --git a/debian/config-dir/mods-available/mpm_event.conf b/debian/config-dir/mods-available/mpm_event.conf
new file mode 100644
index 0000000..b1f712f
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_event.conf
@@ -0,0 +1,14 @@
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+StartServers 2
+MinSpareThreads 25
+MaxSpareThreads 75
+ThreadLimit 64
+ThreadsPerChild 25
+MaxRequestWorkers 150
+MaxConnectionsPerChild 0
diff --git a/debian/config-dir/mods-available/mpm_event.load b/debian/config-dir/mods-available/mpm_event.load
new file mode 100644
index 0000000..00d970b
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_event.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_worker mpm_prefork
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
diff --git a/debian/config-dir/mods-available/mpm_prefork.conf b/debian/config-dir/mods-available/mpm_prefork.conf
new file mode 100644
index 0000000..0035e9e
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_prefork.conf
@@ -0,0 +1,12 @@
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+StartServers 5
+MinSpareServers 5
+MaxSpareServers 10
+MaxRequestWorkers 150
+MaxConnectionsPerChild 0
diff --git a/debian/config-dir/mods-available/mpm_prefork.load b/debian/config-dir/mods-available/mpm_prefork.load
new file mode 100644
index 0000000..05da7a3
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_prefork.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_worker
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
diff --git a/debian/config-dir/mods-available/mpm_worker.conf b/debian/config-dir/mods-available/mpm_worker.conf
new file mode 100644
index 0000000..109cf64
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_worker.conf
@@ -0,0 +1,18 @@
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+StartServers 2
+MinSpareThreads 25
+MaxSpareThreads 75
+ThreadLimit 64
+ThreadsPerChild 25
+MaxRequestWorkers 150
+MaxConnectionsPerChild 0
diff --git a/debian/config-dir/mods-available/mpm_worker.load b/debian/config-dir/mods-available/mpm_worker.load
new file mode 100644
index 0000000..f9d0c4d
--- /dev/null
+++ b/debian/config-dir/mods-available/mpm_worker.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_prefork
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
diff --git a/debian/config-dir/mods-available/negotiation.conf b/debian/config-dir/mods-available/negotiation.conf
new file mode 100644
index 0000000..3e6c713
--- /dev/null
+++ b/debian/config-dir/mods-available/negotiation.conf
@@ -0,0 +1,14 @@
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
diff --git a/debian/config-dir/mods-available/negotiation.load b/debian/config-dir/mods-available/negotiation.load
new file mode 100644
index 0000000..8df5711
--- /dev/null
+++ b/debian/config-dir/mods-available/negotiation.load
@@ -0,0 +1 @@
+LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
diff --git a/debian/config-dir/mods-available/proxy.conf b/debian/config-dir/mods-available/proxy.conf
new file mode 100644
index 0000000..ac763f1
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy.conf
@@ -0,0 +1,21 @@
+# If you want to use apache2 as a forward proxy, uncomment the
+# 'ProxyRequests On' line and the <Proxy *> block below.
+# WARNING: Be careful to restrict access inside the <Proxy *> block.
+# Open proxy servers are dangerous both to your network and to the
+# Internet at large.
+#
+# If you only want to use apache2 as a reverse proxy/gateway in
+# front of some web application server, you DON'T need
+# 'ProxyRequests On'.
+
+#ProxyRequests On
+#<Proxy *>
+# AddDefaultCharset off
+# Require all denied
+# #Require local
+#</Proxy>
+
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia Off
diff --git a/debian/config-dir/mods-available/proxy.load b/debian/config-dir/mods-available/proxy.load
new file mode 100644
index 0000000..8828205
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy.load
@@ -0,0 +1 @@
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
diff --git a/debian/config-dir/mods-available/proxy_ajp.load b/debian/config-dir/mods-available/proxy_ajp.load
new file mode 100644
index 0000000..adc0c86
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_ajp.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
diff --git a/debian/config-dir/mods-available/proxy_balancer.conf b/debian/config-dir/mods-available/proxy_balancer.conf
new file mode 100644
index 0000000..6b62ec2
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_balancer.conf
@@ -0,0 +1,9 @@
+# Balancer manager enables dynamic update of balancer members
+# (needs mod_status). Uncomment to enable.
+#
+#<IfModule mod_status.c>
+# <Location /balancer-manager>
+# SetHandler balancer-manager
+# Require local
+# </Location>
+#</IfModule>
diff --git a/debian/config-dir/mods-available/proxy_balancer.load b/debian/config-dir/mods-available/proxy_balancer.load
new file mode 100644
index 0000000..2baa546
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_balancer.load
@@ -0,0 +1,2 @@
+# Depends: proxy alias slotmem_shm
+LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
diff --git a/debian/config-dir/mods-available/proxy_connect.load b/debian/config-dir/mods-available/proxy_connect.load
new file mode 100644
index 0000000..df81372
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_connect.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
diff --git a/debian/config-dir/mods-available/proxy_express.load b/debian/config-dir/mods-available/proxy_express.load
new file mode 100644
index 0000000..81d3a2f
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_express.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so
diff --git a/debian/config-dir/mods-available/proxy_fcgi.load b/debian/config-dir/mods-available/proxy_fcgi.load
new file mode 100644
index 0000000..067c87e
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_fcgi.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
diff --git a/debian/config-dir/mods-available/proxy_fdpass.load b/debian/config-dir/mods-available/proxy_fdpass.load
new file mode 100644
index 0000000..b27bcdb
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_fdpass.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
diff --git a/debian/config-dir/mods-available/proxy_ftp.conf b/debian/config-dir/mods-available/proxy_ftp.conf
new file mode 100644
index 0000000..103a4bb
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_ftp.conf
@@ -0,0 +1,2 @@
+# Define the character set for proxied FTP listings. Default is ISO-8859-1
+ProxyFtpDirCharset UTF-8
diff --git a/debian/config-dir/mods-available/proxy_ftp.load b/debian/config-dir/mods-available/proxy_ftp.load
new file mode 100644
index 0000000..8f2a197
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_ftp.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
diff --git a/debian/config-dir/mods-available/proxy_hcheck.load b/debian/config-dir/mods-available/proxy_hcheck.load
new file mode 100644
index 0000000..b70f421
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_hcheck.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_hcheck_module /usr/lib/apache2/modules/mod_proxy_hcheck.so
diff --git a/debian/config-dir/mods-available/proxy_html.conf b/debian/config-dir/mods-available/proxy_html.conf
new file mode 100644
index 0000000..a6b40df
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_html.conf
@@ -0,0 +1,76 @@
+# Configuration example.
+#
+# For detailed information about these directives see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
+# and for mod_xml2enc see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
+#
+
+# All knowledge of HTML links has been removed from the mod_proxy_html
+# code itself, and is instead read from httpd.conf (or included file)
+# at server startup. So you MUST declare it. This will normally be
+# at top level, but can also be used in a <Location>.
+#
+# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
+
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profile
+ProxyHTMLLinks base href
+ProxyHTMLLinks script src for
+
+# To support scripting events (with ProxyHTMLExtended On),
+# you'll need to declare them too.
+
+ProxyHTMLEvents \
+ onclick ondblclick \
+ onmousedown onmouseup onmouseover onmousemove onmouseout \
+ onkeypress onkeydown onkeyup onfocus onblur \
+ onload onunload onsubmit onreset onselect onchange
+
+# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
+# you'll need to uncomment the following deprecated link attributes.
+# Note that these are enabled in earlier mod_proxy_html versions
+#
+# ProxyHTMLLinks frame src longdesc
+# ProxyHTMLLinks iframe src longdesc
+# ProxyHTMLLinks body background
+# ProxyHTMLLinks applet codebase
+#
+# If you're dealing with proprietary HTML variants,
+# declare your own URL attributes here as required.
+#
+# ProxyHTMLLinks myelement myattr otherattr
+#
+###########
+# EXAMPLE #
+###########
+#
+# To define the URL /my-gateway/ as a gateway to an appserver with address
+# http://some.app.intranet/ on a private network, after loading the
+# modules and including this configuration file:
+#
+# ProxyRequests Off <-- this is an important security setting
+# ProxyPass /my-gateway/ http://some.app.intranet/
+# <Location /my-gateway/>
+# ProxyPassReverse /
+# ProxyHTMLEnable On
+# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
+# ProxyHTMLURLMap / /my-gateway/
+# </Location>
+#
+# Many (though not all) real-life setups are more complex.
+#
+# See the documentation at
+# http://apache.webthing.com/mod_proxy_html/
+# and the tutorial at
+# http://www.apachetutor.org/admin/reverseproxies
diff --git a/debian/config-dir/mods-available/proxy_html.load b/debian/config-dir/mods-available/proxy_html.load
new file mode 100644
index 0000000..50f1a2c
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_html.load
@@ -0,0 +1,2 @@
+# Depends: proxy xml2enc
+LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
diff --git a/debian/config-dir/mods-available/proxy_http.load b/debian/config-dir/mods-available/proxy_http.load
new file mode 100644
index 0000000..a3ffe02
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_http.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
diff --git a/debian/config-dir/mods-available/proxy_http2.load b/debian/config-dir/mods-available/proxy_http2.load
new file mode 100644
index 0000000..b251d0c
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_http2.load
@@ -0,0 +1,2 @@
+# Depends: proxy http2
+LoadModule proxy_http2_module /usr/lib/apache2/modules/mod_proxy_http2.so
diff --git a/debian/config-dir/mods-available/proxy_scgi.load b/debian/config-dir/mods-available/proxy_scgi.load
new file mode 100644
index 0000000..fb6b0d7
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_scgi.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
diff --git a/debian/config-dir/mods-available/proxy_uwsgi.load b/debian/config-dir/mods-available/proxy_uwsgi.load
new file mode 100644
index 0000000..79ebd42
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_uwsgi.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
diff --git a/debian/config-dir/mods-available/proxy_wstunnel.load b/debian/config-dir/mods-available/proxy_wstunnel.load
new file mode 100644
index 0000000..fe6589d
--- /dev/null
+++ b/debian/config-dir/mods-available/proxy_wstunnel.load
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
diff --git a/debian/config-dir/mods-available/ratelimit.load b/debian/config-dir/mods-available/ratelimit.load
new file mode 100644
index 0000000..fc933d7
--- /dev/null
+++ b/debian/config-dir/mods-available/ratelimit.load
@@ -0,0 +1,2 @@
+# Depends: env
+LoadModule ratelimit_module /usr/lib/apache2/modules/mod_ratelimit.so
diff --git a/debian/config-dir/mods-available/reflector.load b/debian/config-dir/mods-available/reflector.load
new file mode 100644
index 0000000..91701d8
--- /dev/null
+++ b/debian/config-dir/mods-available/reflector.load
@@ -0,0 +1 @@
+LoadModule reflector_module /usr/lib/apache2/modules/mod_reflector.so
diff --git a/debian/config-dir/mods-available/remoteip.load b/debian/config-dir/mods-available/remoteip.load
new file mode 100644
index 0000000..a771554
--- /dev/null
+++ b/debian/config-dir/mods-available/remoteip.load
@@ -0,0 +1 @@
+LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so
diff --git a/debian/config-dir/mods-available/reqtimeout.conf b/debian/config-dir/mods-available/reqtimeout.conf
new file mode 100644
index 0000000..8b5f551
--- /dev/null
+++ b/debian/config-dir/mods-available/reqtimeout.conf
@@ -0,0 +1,21 @@
+# mod_reqtimeout limits the time waiting on the client to prevent an
+# attacker from causing a denial of service by opening many connections
+# but not sending requests. This file tries to give a sensible default
+# configuration, but it may be necessary to tune the timeout values to
+# the actual situation. Note that it is also possible to configure
+# mod_reqtimeout per virtual host.
+
+
+# Wait max 20 seconds for the first byte of the request line+headers
+# From then, require a minimum data rate of 500 bytes/s, but don't
+# wait longer than 40 seconds in total.
+# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+# cause problem with ssl enabled virtual hosts: This timeout includes
+# the time a browser may need to fetch the CRL for the certificate. If
+# the CRL server is not reachable, it may take more than 10 seconds
+# until the browser gives up.
+RequestReadTimeout header=20-40,minrate=500
+
+# Wait max 10 seconds for the first byte of the request body (if any)
+# From then, require a minimum data rate of 500 bytes/s
+RequestReadTimeout body=10,minrate=500
diff --git a/debian/config-dir/mods-available/reqtimeout.load b/debian/config-dir/mods-available/reqtimeout.load
new file mode 100644
index 0000000..8b2c5e6
--- /dev/null
+++ b/debian/config-dir/mods-available/reqtimeout.load
@@ -0,0 +1 @@
+LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
diff --git a/debian/config-dir/mods-available/request.load b/debian/config-dir/mods-available/request.load
new file mode 100644
index 0000000..6727f5a
--- /dev/null
+++ b/debian/config-dir/mods-available/request.load
@@ -0,0 +1 @@
+LoadModule request_module /usr/lib/apache2/modules/mod_request.so
diff --git a/debian/config-dir/mods-available/rewrite.load b/debian/config-dir/mods-available/rewrite.load
new file mode 100644
index 0000000..b32f162
--- /dev/null
+++ b/debian/config-dir/mods-available/rewrite.load
@@ -0,0 +1 @@
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
diff --git a/debian/config-dir/mods-available/sed.load b/debian/config-dir/mods-available/sed.load
new file mode 100644
index 0000000..cf5d9af
--- /dev/null
+++ b/debian/config-dir/mods-available/sed.load
@@ -0,0 +1 @@
+LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so
diff --git a/debian/config-dir/mods-available/session.load b/debian/config-dir/mods-available/session.load
new file mode 100644
index 0000000..f518c96
--- /dev/null
+++ b/debian/config-dir/mods-available/session.load
@@ -0,0 +1 @@
+LoadModule session_module /usr/lib/apache2/modules/mod_session.so
diff --git a/debian/config-dir/mods-available/session_cookie.load b/debian/config-dir/mods-available/session_cookie.load
new file mode 100644
index 0000000..8cffd89
--- /dev/null
+++ b/debian/config-dir/mods-available/session_cookie.load
@@ -0,0 +1,2 @@
+# Depends: session
+LoadModule session_cookie_module /usr/lib/apache2/modules/mod_session_cookie.so
diff --git a/debian/config-dir/mods-available/session_crypto.load b/debian/config-dir/mods-available/session_crypto.load
new file mode 100644
index 0000000..b3f7a95
--- /dev/null
+++ b/debian/config-dir/mods-available/session_crypto.load
@@ -0,0 +1,2 @@
+# Depends: session
+LoadModule session_crypto_module /usr/lib/apache2/modules/mod_session_crypto.so
diff --git a/debian/config-dir/mods-available/session_dbd.load b/debian/config-dir/mods-available/session_dbd.load
new file mode 100644
index 0000000..18fa4a4
--- /dev/null
+++ b/debian/config-dir/mods-available/session_dbd.load
@@ -0,0 +1,2 @@
+# Depends: session
+LoadModule session_dbd_module /usr/lib/apache2/modules/mod_session_dbd.so
diff --git a/debian/config-dir/mods-available/setenvif.conf b/debian/config-dir/mods-available/setenvif.conf
new file mode 100644
index 0000000..8bba04c
--- /dev/null
+++ b/debian/config-dir/mods-available/setenvif.conf
@@ -0,0 +1,26 @@
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1\.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs/1\.0" redirect-carefully
+BrowserMatch "^gvfs/1" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
diff --git a/debian/config-dir/mods-available/setenvif.load b/debian/config-dir/mods-available/setenvif.load
new file mode 100644
index 0000000..bcb5c52
--- /dev/null
+++ b/debian/config-dir/mods-available/setenvif.load
@@ -0,0 +1 @@
+LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
diff --git a/debian/config-dir/mods-available/slotmem_plain.load b/debian/config-dir/mods-available/slotmem_plain.load
new file mode 100644
index 0000000..0a68121
--- /dev/null
+++ b/debian/config-dir/mods-available/slotmem_plain.load
@@ -0,0 +1 @@
+LoadModule slotmem_plain_module /usr/lib/apache2/modules/mod_slotmem_plain.so
diff --git a/debian/config-dir/mods-available/slotmem_shm.load b/debian/config-dir/mods-available/slotmem_shm.load
new file mode 100644
index 0000000..48ba402
--- /dev/null
+++ b/debian/config-dir/mods-available/slotmem_shm.load
@@ -0,0 +1 @@
+LoadModule slotmem_shm_module /usr/lib/apache2/modules/mod_slotmem_shm.so
diff --git a/debian/config-dir/mods-available/socache_dbm.load b/debian/config-dir/mods-available/socache_dbm.load
new file mode 100644
index 0000000..c759d35
--- /dev/null
+++ b/debian/config-dir/mods-available/socache_dbm.load
@@ -0,0 +1 @@
+LoadModule socache_dbm_module /usr/lib/apache2/modules/mod_socache_dbm.so
diff --git a/debian/config-dir/mods-available/socache_memcache.load b/debian/config-dir/mods-available/socache_memcache.load
new file mode 100644
index 0000000..15d1ad0
--- /dev/null
+++ b/debian/config-dir/mods-available/socache_memcache.load
@@ -0,0 +1 @@
+LoadModule socache_memcache_module /usr/lib/apache2/modules/mod_socache_memcache.so
diff --git a/debian/config-dir/mods-available/socache_redis.load b/debian/config-dir/mods-available/socache_redis.load
new file mode 100644
index 0000000..b1a8de2
--- /dev/null
+++ b/debian/config-dir/mods-available/socache_redis.load
@@ -0,0 +1 @@
+LoadModule socache_redis_module /usr/lib/apache2/modules/mod_socache_redis.so
diff --git a/debian/config-dir/mods-available/socache_shmcb.load b/debian/config-dir/mods-available/socache_shmcb.load
new file mode 100644
index 0000000..542a2b2
--- /dev/null
+++ b/debian/config-dir/mods-available/socache_shmcb.load
@@ -0,0 +1 @@
+LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
diff --git a/debian/config-dir/mods-available/speling.load b/debian/config-dir/mods-available/speling.load
new file mode 100644
index 0000000..423e401
--- /dev/null
+++ b/debian/config-dir/mods-available/speling.load
@@ -0,0 +1 @@
+LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so
diff --git a/debian/config-dir/mods-available/ssl.conf b/debian/config-dir/mods-available/ssl.conf
new file mode 100644
index 0000000..83ca99e
--- /dev/null
+++ b/debian/config-dir/mods-available/ssl.conf
@@ -0,0 +1,83 @@
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+# (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+# (Disabled by default, the global Mutex directive consolidates by default
+# this)
+#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate. See the
+# ciphers(1) man page from the openssl package for list of all available
+# options.
+# Enable only secure ciphers:
+SSLCipherSuite HIGH:!aNULL
+
+# SSL server cipher order preference:
+# Use server priorities for cipher algorithm choice.
+# Clients may prefer lower grade encryption. You should enable this
+# option if you want to enforce stronger encryption, and can afford
+# the CPU cost, and did not override SSLCipherSuite in a way that puts
+# insecure ciphers first.
+# Default: Off
+#SSLHonorCipherOrder on
+
+# The protocols to enable.
+# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+# SSL v2 is no longer supported
+SSLProtocol all -SSLv3
+
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
+
+# Warning: Session Tickets require regular reloading of the server!
+# Make sure you do this (e.g. via logrotate) before changing this setting!
+SSLSessionTickets off
diff --git a/debian/config-dir/mods-available/ssl.load b/debian/config-dir/mods-available/ssl.load
new file mode 100644
index 0000000..3d2336a
--- /dev/null
+++ b/debian/config-dir/mods-available/ssl.load
@@ -0,0 +1,2 @@
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/debian/config-dir/mods-available/status.conf b/debian/config-dir/mods-available/status.conf
new file mode 100644
index 0000000..cd7dd58
--- /dev/null
+++ b/debian/config-dir/mods-available/status.conf
@@ -0,0 +1,23 @@
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+
+<Location /server-status>
+ SetHandler server-status
+ Require local
+ #Require ip 192.0.2.0/24
+</Location>
+
+# Keep track of extended status information for each request
+ExtendedStatus On
+
+# Determine if mod_status displays the first 63 characters of a request or
+# the last 63, assuming the request itself is greater than 63 chars.
+# Default: Off
+#SeeRequestTail On
+
+
+<IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+</IfModule>
diff --git a/debian/config-dir/mods-available/status.load b/debian/config-dir/mods-available/status.load
new file mode 100644
index 0000000..9efd636
--- /dev/null
+++ b/debian/config-dir/mods-available/status.load
@@ -0,0 +1 @@
+LoadModule status_module /usr/lib/apache2/modules/mod_status.so
diff --git a/debian/config-dir/mods-available/substitute.load b/debian/config-dir/mods-available/substitute.load
new file mode 100644
index 0000000..df361cd
--- /dev/null
+++ b/debian/config-dir/mods-available/substitute.load
@@ -0,0 +1 @@
+LoadModule substitute_module /usr/lib/apache2/modules/mod_substitute.so
diff --git a/debian/config-dir/mods-available/suexec.load b/debian/config-dir/mods-available/suexec.load
new file mode 100644
index 0000000..116858b
--- /dev/null
+++ b/debian/config-dir/mods-available/suexec.load
@@ -0,0 +1 @@
+LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so
diff --git a/debian/config-dir/mods-available/unique_id.load b/debian/config-dir/mods-available/unique_id.load
new file mode 100644
index 0000000..2d0c9eb
--- /dev/null
+++ b/debian/config-dir/mods-available/unique_id.load
@@ -0,0 +1 @@
+LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so
diff --git a/debian/config-dir/mods-available/userdir.conf b/debian/config-dir/mods-available/userdir.conf
new file mode 100644
index 0000000..16cf53c
--- /dev/null
+++ b/debian/config-dir/mods-available/userdir.conf
@@ -0,0 +1,8 @@
+UserDir public_html
+UserDir disabled root
+
+<Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>
diff --git a/debian/config-dir/mods-available/userdir.load b/debian/config-dir/mods-available/userdir.load
new file mode 100644
index 0000000..0cfc621
--- /dev/null
+++ b/debian/config-dir/mods-available/userdir.load
@@ -0,0 +1 @@
+LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so
diff --git a/debian/config-dir/mods-available/usertrack.load b/debian/config-dir/mods-available/usertrack.load
new file mode 100644
index 0000000..25918b5
--- /dev/null
+++ b/debian/config-dir/mods-available/usertrack.load
@@ -0,0 +1 @@
+LoadModule usertrack_module /usr/lib/apache2/modules/mod_usertrack.so
diff --git a/debian/config-dir/mods-available/vhost_alias.load b/debian/config-dir/mods-available/vhost_alias.load
new file mode 100644
index 0000000..4fe4cb6
--- /dev/null
+++ b/debian/config-dir/mods-available/vhost_alias.load
@@ -0,0 +1 @@
+LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so
diff --git a/debian/config-dir/mods-available/xml2enc.load b/debian/config-dir/mods-available/xml2enc.load
new file mode 100644
index 0000000..98cfa18
--- /dev/null
+++ b/debian/config-dir/mods-available/xml2enc.load
@@ -0,0 +1 @@
+LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
diff --git a/debian/config-dir/ports.conf b/debian/config-dir/ports.conf
new file mode 100644
index 0000000..f41641b
--- /dev/null
+++ b/debian/config-dir/ports.conf
@@ -0,0 +1,13 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+<IfModule ssl_module>
+ Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443
+</IfModule>
diff --git a/debian/config-dir/sites-available/000-default.conf b/debian/config-dir/sites-available/000-default.conf
new file mode 100644
index 0000000..e69ed8b
--- /dev/null
+++ b/debian/config-dir/sites-available/000-default.conf
@@ -0,0 +1,29 @@
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
diff --git a/debian/config-dir/sites-available/default-ssl.conf b/debian/config-dir/sites-available/default-ssl.conf
new file mode 100644
index 0000000..330280d
--- /dev/null
+++ b/debian/config-dir/sites-available/default-ssl.conf
@@ -0,0 +1,130 @@
+<VirtualHost *:443>
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+ <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ # BrowserMatch "MSIE [2-6]" \
+ # nokeepalive ssl-unclean-shutdown \
+ # downgrade-1.0 force-response-1.0
+
+</VirtualHost>