summaryrefslogtreecommitdiffstats
path: root/docs/conf/extra
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:01:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:01:30 +0000
commit6beeb1b708550be0d4a53b272283e17e5e35fe17 (patch)
tree1ce8673d4aaa948e5554000101f46536a1e4cc29 /docs/conf/extra
parentInitial commit. (diff)
downloadapache2-6beeb1b708550be0d4a53b272283e17e5e35fe17.tar.xz
apache2-6beeb1b708550be0d4a53b272283e17e5e35fe17.zip
Adding upstream version 2.4.57.upstream/2.4.57upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/conf/extra')
-rw-r--r--docs/conf/extra/httpd-autoindex.conf.in93
-rw-r--r--docs/conf/extra/httpd-dav.conf.in50
-rw-r--r--docs/conf/extra/httpd-default.conf.in90
-rw-r--r--docs/conf/extra/httpd-info.conf.in36
-rw-r--r--docs/conf/extra/httpd-languages.conf.in141
-rw-r--r--docs/conf/extra/httpd-manual.conf.in38
-rw-r--r--docs/conf/extra/httpd-mpm.conf.in119
-rw-r--r--docs/conf/extra/httpd-multilang-errordoc.conf.in52
-rw-r--r--docs/conf/extra/httpd-ssl.conf.in290
-rw-r--r--docs/conf/extra/httpd-userdir.conf.in21
-rw-r--r--docs/conf/extra/httpd-vhosts.conf.in41
-rw-r--r--docs/conf/extra/proxy-html.conf.in90
12 files changed, 1061 insertions, 0 deletions
diff --git a/docs/conf/extra/httpd-autoindex.conf.in b/docs/conf/extra/httpd-autoindex.conf.in
new file mode 100644
index 0000000..51b02ed
--- /dev/null
+++ b/docs/conf/extra/httpd-autoindex.conf.in
@@ -0,0 +1,93 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+# mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "@exp_iconsdir@/"
+
+<Directory "@exp_iconsdir@">
+ Options Indexes MultiViews
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/docs/conf/extra/httpd-dav.conf.in b/docs/conf/extra/httpd-dav.conf.in
new file mode 100644
index 0000000..f1d35e0
--- /dev/null
+++ b/docs/conf/extra/httpd-dav.conf.in
@@ -0,0 +1,50 @@
+#
+# Distributed authoring and versioning (WebDAV)
+#
+# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
+# mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
+# mod_setenvif
+
+# The following example gives DAV write access to a directory called
+# "uploads" under the ServerRoot directory.
+#
+# The User/Group specified in httpd.conf needs to have write permissions
+# on the directory where the DavLockDB is placed and on any directory where
+# "Dav On" is specified.
+
+DavLockDB "@@ServerRoot@@/var/DavLock"
+
+Alias /uploads "@@ServerRoot@@/uploads"
+
+<Directory "@@ServerRoot@@/uploads">
+ Dav On
+
+ AuthType Digest
+ AuthName DAV-upload
+ # You can use the htdigest program to create the password database:
+ # htdigest -c "@@ServerRoot@@/user.passwd" DAV-upload admin
+ AuthUserFile "@@ServerRoot@@/user.passwd"
+ AuthDigestProvider file
+
+ # Allow universal read-access, but writes are restricted
+ # to the admin user.
+ <RequireAny>
+ Require method GET POST OPTIONS
+ Require user admin
+ </RequireAny>
+</Directory>
+
+#
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with several clients that do not appropriately handle
+# redirects for folders with DAV methods.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in
new file mode 100644
index 0000000..7196922
--- /dev/null
+++ b/docs/conf/extra/httpd-default.conf.in
@@ -0,0 +1,90 @@
+#
+# This configuration file reflects default settings for Apache HTTP Server.
+#
+# You may change these, but chances are that you may not need to.
+#
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 60
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client. When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature Off
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# Set a timeout for how long the client may take to send the request header
+# and body.
+# The default for the headers is header=20-40,MinRate=500, which means wait
+# for the first byte of headers for 20 seconds. If some data arrives,
+# increase the timeout corresponding to a data rate of 500 bytes/s, but not
+# above 40 seconds.
+# The default for the request body is body=20,MinRate=500, which is the same
+# but has no upper limit for the timeout.
+# To disable, set to header=0 body=0
+#
+<IfModule reqtimeout_module>
+ RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
diff --git a/docs/conf/extra/httpd-info.conf.in b/docs/conf/extra/httpd-info.conf.in
new file mode 100644
index 0000000..5cfdf69
--- /dev/null
+++ b/docs/conf/extra/httpd-info.conf.in
@@ -0,0 +1,36 @@
+#
+# Get information about the requests being processed by the server
+# and the configuration of the server.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+# mod_info (for the server-info handler),
+# mod_status (for the server-status handler)
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+
+<Location /server-status>
+ SetHandler server-status
+ Require host .example.com
+ Require ip 127
+</Location>
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+<Location /server-info>
+ SetHandler server-info
+ Require host .example.com
+ Require ip 127
+</Location>
diff --git a/docs/conf/extra/httpd-languages.conf.in b/docs/conf/extra/httpd-languages.conf.in
new file mode 100644
index 0000000..7f66461
--- /dev/null
+++ b/docs/conf/extra/httpd-languages.conf.in
@@ -0,0 +1,141 @@
+#
+# Settings for hosting different languages.
+#
+# Required modules: mod_mime, mod_negotiation
+
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
+# Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage tr .tr
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset us-ascii.ascii .us-ascii
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+AddCharset ISO-8859-10 .iso8859-10 .latin6
+AddCharset ISO-8859-13 .iso8859-13
+AddCharset ISO-8859-14 .iso8859-14 .latin8
+AddCharset ISO-8859-15 .iso8859-15 .latin9
+AddCharset ISO-8859-16 .iso8859-16 .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5.Big5 .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8 .koi8
+AddCharset KOI8-E .koi8-e
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-U .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7 .utf7
+AddCharset UTF-8 .utf8
+AddCharset UTF-16 .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32 .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn .euc-cn
+AddCharset euc-gb .euc-gb
+AddCharset euc-jp .euc-jp
+AddCharset euc-kr .euc-kr
+#Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW .euc-tw
+AddCharset gb2312 .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis .shift_jis .sjis
diff --git a/docs/conf/extra/httpd-manual.conf.in b/docs/conf/extra/httpd-manual.conf.in
new file mode 100644
index 0000000..e8222a9
--- /dev/null
+++ b/docs/conf/extra/httpd-manual.conf.in
@@ -0,0 +1,38 @@
+#
+# Provide access to the documentation on your server as
+# http://yourserver.example.com/manual/
+# The documentation is always available at
+# http://httpd.apache.org/docs/2.4/
+#
+# Required modules: mod_alias, mod_authz_core, mod_authz_host,
+# mod_setenvif, mod_negotiation
+#
+
+AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "@exp_manualdir@$1"
+
+<Directory "@exp_manualdir@">
+ Options Indexes
+ AllowOverride None
+ Require all granted
+
+ <Files *.html>
+ SetHandler type-map
+ </Files>
+
+ # .tr is text/troff in mime.types!
+ RemoveType tr
+
+ # Traditionally, used .dk filename extension for da language
+ AddLanguage da .da
+
+ SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2
+
+ # Reflect the greatest effort in translation (most content available),
+ # inferring greater attention to detail (potentially false assumption,
+ # counting translations presently in-sync would be more helpful.)
+ # Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source
+ # document count: 266 214 110 94 82 25 22 18 4 1 1
+ LanguagePriority en fr ko ja tr es de zh-cn pt-br da ru
+ ForceLanguagePriority Prefer Fallback
+</Directory>
diff --git a/docs/conf/extra/httpd-mpm.conf.in b/docs/conf/extra/httpd-mpm.conf.in
new file mode 100644
index 0000000..bf29faf
--- /dev/null
+++ b/docs/conf/extra/httpd-mpm.conf.in
@@ -0,0 +1,119 @@
+#
+# Server-Pool Management (MPM specific)
+#
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+# Note that this is the default PidFile for most MPMs.
+#
+<IfModule !mpm_netware_module>
+ PidFile "@rel_runtimedir@/httpd.pid"
+</IfModule>
+
+#
+# Only one of the below sections will be relevant on your
+# installed httpd. Use "apachectl -l" to find out the
+# active mpm.
+#
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 250
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
+<IfModule mpm_worker_module>
+ StartServers 3
+ MinSpareThreads 75
+ MaxSpareThreads 250
+ ThreadsPerChild 25
+ MaxRequestWorkers 400
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
+<IfModule mpm_event_module>
+ StartServers 3
+ MinSpareThreads 75
+ MaxSpareThreads 250
+ ThreadsPerChild 25
+ MaxRequestWorkers 400
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# NetWare MPM
+# ThreadStackSize: Stack size allocated for each worker thread
+# StartThreads: Number of worker threads launched at server startup
+# MinSpareThreads: Minimum number of idle threads, to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# MaxThreads: Maximum number of worker threads alive at the same time
+# MaxConnectionsPerChild: Maximum number of connections a thread serves. It
+# is recommended that the default value of 0 be set
+# for this directive on NetWare. This will allow the
+# thread to continue to service requests indefinitely.
+<IfModule mpm_netware_module>
+ ThreadStackSize 65536
+ StartThreads 250
+ MinSpareThreads 25
+ MaxSpareThreads 250
+ MaxThreads 1000
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# OS/2 MPM
+# StartServers: Number of server processes to maintain
+# MinSpareThreads: Minimum number of idle threads per process,
+# to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads per process
+# MaxConnectionsPerChild: Maximum number of connections per server process
+<IfModule mpm_mpmt_os2_module>
+ StartServers 2
+ MinSpareThreads 5
+ MaxSpareThreads 10
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# WinNT MPM
+# ThreadsPerChild: constant number of worker threads in the server process
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+<IfModule mpm_winnt_module>
+ ThreadsPerChild 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# The maximum number of free Kbytes that every allocator is allowed
+# to hold without calling free(). In threaded MPMs, every thread has its own
+# allocator. When not set, or when set to zero, the threshold will be set to
+# unlimited.
+<IfModule !mpm_netware_module>
+ MaxMemFree 2048
+</IfModule>
+<IfModule mpm_netware_module>
+ MaxMemFree 100
+</IfModule>
diff --git a/docs/conf/extra/httpd-multilang-errordoc.conf.in b/docs/conf/extra/httpd-multilang-errordoc.conf.in
new file mode 100644
index 0000000..3da3bf2
--- /dev/null
+++ b/docs/conf/extra/httpd-multilang-errordoc.conf.in
@@ -0,0 +1,52 @@
+#
+# The configuration below implements multi-language error documents through
+# content-negotiation.
+#
+# Required modules: mod_alias, mod_authz_core, mod_authz_host,
+# mod_include, mod_negotiation
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+# Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# @exp_errordir@/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+
+Alias /error/ "@exp_errordir@/"
+
+<Directory "@exp_errordir@">
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+ Require all granted
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+ ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
new file mode 100644
index 0000000..6a3c67a
--- /dev/null
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -0,0 +1,290 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailed information about these
+# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Required modules: mod_log_config, mod_setenvif, mod_ssl,
+# socache_shmcb_module (for default value of SSLSessionCache)
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+
+#
+# When we also provide SSL we have to listen to the
+# standard HTTP port (see above) and to the HTTPS port
+#
+Listen @@SSLPort@@
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate,
+# and that httpd will negotiate as the client of a proxied server.
+# See the OpenSSL documentation for a complete list of ciphers, and
+# ensure these follow appropriate best practices for this deployment.
+# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+
+# By the end of 2016, only TLSv1.2 ciphers should remain in use.
+# Older ciphers should be disallowed as soon as possible, while the
+# kRSA ciphers do not offer forward secrecy. These changes inhibit
+# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
+# non-browser tooling) from successfully connecting.
+#
+# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
+# those protocols which do not support forward secrecy, replace
+# the SSLCipherSuite and SSLProxyCipherSuite directives above with
+# the following two directives, as soon as practical.
+# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+
+# User agents such as web browsers are not configured for the user's
+# own preference of either security or performance, therefore this
+# must be the prerogative of the web server administrator who manages
+# cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+# SSL Protocol support:
+# List the protocol versions which clients are allowed to connect with.
+# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be
+# disabled as quickly as practical. By the end of 2016, only the TLSv1.2
+# protocol or later should remain in use.
+SSLProtocol all -SSLv3
+SSLProxyProtocol all -SSLv3
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is an internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+#SSLSessionCache "dbm:@exp_runtimedir@/ssl_scache"
+SSLSessionCache "shmcb:@exp_runtimedir@/ssl_scache(512000)"
+SSLSessionCacheTimeout 300
+
+# OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+# This feature is disabled by default and requires at least
+# the two directives SSLUseStapling and SSLStaplingCache.
+# Refer to the documentation on OCSP Stapling in the SSL/TLS
+# How-To for more information.
+#
+# Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+# Define a relatively small cache for OCSP Stapling using
+# the same mechanism that is used for the SSL session cache
+# above. If stapling is used with more than a few certificates,
+# the size may need to be increased. (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:@exp_runtimedir@/ssl_stapling(32768)"
+
+# Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+# Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:@@SSLPort@@>
+
+# General setup for the virtual host
+DocumentRoot "@exp_htdocsdir@"
+ServerName www.example.com:@@SSLPort@@
+ServerAdmin you@example.com
+ErrorLog "@exp_logfiledir@/error_log"
+TransferLog "@exp_logfiledir@/access_log"
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. Keep
+# in mind that if you have both an RSA and a DSA certificate you
+# can configure both in parallel (to also allow the use of DSA
+# ciphers, etc.)
+# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+# require an ECC certificate which can also be configured in
+# parallel.
+SSLCertificateFile "@exp_sysconfdir@/server.crt"
+#SSLCertificateFile "@exp_sysconfdir@/server-dsa.crt"
+#SSLCertificateFile "@exp_sysconfdir@/server-ecc.crt"
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+# ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
+#SSLCertificateKeyFile "@exp_sysconfdir@/server-dsa.key"
+#SSLCertificateKeyFile "@exp_sysconfdir@/server-ecc.key"
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convenience.
+#SSLCertificateChainFile "@exp_sysconfdir@/server-ca.crt"
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+# Note: Inside SSLCACertificatePath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCACertificatePath "@exp_sysconfdir@/ssl.crt"
+#SSLCACertificateFile "@exp_sysconfdir@/ssl.crt/ca-bundle.crt"
+
+# Certificate Revocation Lists (CRL):
+# Set the CA revocation path where to find CA CRLs for client
+# authentication or alternatively one huge file containing all
+# of them (file must be PEM encoded).
+# The CRL checking mode needs to be configured explicitly
+# through SSLCARevocationCheck (defaults to "none" otherwise).
+# Note: Inside SSLCARevocationPath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCARevocationPath "@exp_sysconfdir@/ssl.crl"
+#SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl"
+#SSLCARevocationCheck chain
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# TLS-SRP mutual authentication:
+# Enable TLS-SRP and set the path to the OpenSSL SRP verifier
+# file (containing login information for SRP user accounts).
+# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
+# detailed instructions on creating this file. Example:
+# "openssl srp -srpvfile @exp_sysconfdir@/passwd.srpv -add username"
+#SSLSRPVerifierFile "@exp_sysconfdir@/passwd.srpv"
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "@exp_cgidir@">
+ SSLOptions +StdEnvVars
+</Directory>
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is sent or allowed to be received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog "@exp_logfiledir@/ssl_request_log" \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
diff --git a/docs/conf/extra/httpd-userdir.conf.in b/docs/conf/extra/httpd-userdir.conf.in
new file mode 100644
index 0000000..a744322
--- /dev/null
+++ b/docs/conf/extra/httpd-userdir.conf.in
@@ -0,0 +1,21 @@
+# Settings for user home directories
+#
+# Required module: mod_authz_core, mod_authz_host, mod_userdir
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received. Note that you must also set
+# the default access control for these directories, as in the example below.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>
+
diff --git a/docs/conf/extra/httpd-vhosts.conf.in b/docs/conf/extra/httpd-vhosts.conf.in
new file mode 100644
index 0000000..fbd2df4
--- /dev/null
+++ b/docs/conf/extra/httpd-vhosts.conf.in
@@ -0,0 +1,41 @@
+# Virtual Hosts
+#
+# Required modules: mod_log_config
+
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for all requests that do not
+# match a ServerName or ServerAlias in any <VirtualHost> block.
+#
+<VirtualHost *:@@Port@@>
+ ServerAdmin webmaster@dummy-host.example.com
+ DocumentRoot "@@ServerRoot@@/docs/dummy-host.example.com"
+ ServerName dummy-host.example.com
+ ServerAlias www.dummy-host.example.com
+ ErrorLog "@rel_logfiledir@/dummy-host.example.com-error_log"
+ CustomLog "@rel_logfiledir@/dummy-host.example.com-access_log" common
+</VirtualHost>
+
+<VirtualHost *:@@Port@@>
+ ServerAdmin webmaster@dummy-host2.example.com
+ DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
+ ServerName dummy-host2.example.com
+ ErrorLog "@rel_logfiledir@/dummy-host2.example.com-error_log"
+ CustomLog "@rel_logfiledir@/dummy-host2.example.com-access_log" common
+</VirtualHost>
+
+
+
diff --git a/docs/conf/extra/proxy-html.conf.in b/docs/conf/extra/proxy-html.conf.in
new file mode 100644
index 0000000..683a091
--- /dev/null
+++ b/docs/conf/extra/proxy-html.conf.in
@@ -0,0 +1,90 @@
+# Configuration example.
+#
+# For detailed information about these directives see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
+# and for mod_xml2enc see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
+#
+# First, to load the module with its prerequisites. Note: mod_xml2enc
+# is not always necessary, but without it mod_proxy_html is likely to
+# mangle pages in encodings other than ASCII or Unicode (utf-8).
+#
+# For Unix-family systems:
+# LoadFile /usr/lib/libxml2.so
+# LoadModule proxy_html_module modules/mod_proxy_html.so
+# LoadModule xml2enc_module modules/mod_xml2enc.so
+#
+# For Windows (I don't know if there's a standard path for the libraries)
+# LoadFile C:/path/zlib.dll
+# LoadFile C:/path/iconv.dll
+# LoadFile C:/path/libxml2.dll
+# LoadModule proxy_html_module modules/mod_proxy_html.so
+# LoadModule xml2enc_module modules/mod_xml2enc.so
+#
+# All knowledge of HTML links has been removed from the mod_proxy_html
+# code itself, and is instead read from httpd.conf (or included file)
+# at server startup. So you MUST declare it. This will normally be
+# at top level, but can also be used in a <Location>.
+#
+# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
+
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profile
+ProxyHTMLLinks base href
+ProxyHTMLLinks script src for
+
+# To support scripting events (with ProxyHTMLExtended On),
+# you'll need to declare them too.
+
+ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
+ onmouseover onmousemove onmouseout onkeypress \
+ onkeydown onkeyup onfocus onblur onload \
+ onunload onsubmit onreset onselect onchange
+
+# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
+# you'll need to uncomment the following deprecated link attributes.
+# Note that these are enabled in earlier mod_proxy_html versions
+#
+# ProxyHTMLLinks frame src longdesc
+# ProxyHTMLLinks iframe src longdesc
+# ProxyHTMLLinks body background
+# ProxyHTMLLinks applet codebase
+#
+# If you're dealing with proprietary HTML variants,
+# declare your own URL attributes here as required.
+#
+# ProxyHTMLLinks myelement myattr otherattr
+#
+###########
+# EXAMPLE #
+###########
+#
+# To define the URL /my-gateway/ as a gateway to an appserver with address
+# http://some.app.intranet/ on a private network, after loading the
+# modules and including this configuration file:
+#
+# ProxyRequests Off <-- this is an important security setting
+# ProxyPass /my-gateway/ http://some.app.intranet/
+# <Location /my-gateway/>
+# ProxyPassReverse /
+# ProxyHTMLEnable On
+# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
+# ProxyHTMLURLMap / /my-gateway/
+# </Location>
+#
+# Many (though not all) real-life setups are more complex.
+#
+# See the documentation at
+# http://apache.webthing.com/mod_proxy_html/
+# and the tutorial at
+# http://www.apachetutor.org/admin/reverseproxies