Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
403 lines (336 sloc) 11.1 KB
###################################################################
#
# .___ /\ __ __ .__
# __| _/____ ___)// |_ _/ |_ ____ __ __ ____ | |__
# / __ |/ _ \ / \ __\ \ __\/ _ \| | \_/ ___\| | \
# / /_/ ( <_> ) | \ | | | ( <_> ) | /\ \___| Y \
# \____ |\____/|___| /__| |__| \____/|____/ \___ >___| /
# \/ \/ \/ \/
#
###################################################################
# Make all local changes to httpd-custom.conf
###################################################################
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
GracefulShutdownTimeout 15
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule auth_basic_module modules/mod_auth_basic.so
<IfDefine !NO_CACHE>
LoadModule cache_module modules/mod_cache.so
<IfDefine !CACHE_MEMORY>
LoadModule cache_disk_module modules/mod_cache_disk.so
</IfDefine>
<IfDefine CACHE_BOTH>
LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
</IfDefine>
<IfDefine CACHE_MEMORY>
LoadModule cache_socache_module modules/mod_cache_socache.so
</IfDefine>
</IfDefine>
<IfDefine SSI>
LoadModule include_module modules/mod_include.so
</IfDefine>
LoadModule deflate_module modules/mod_deflate.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<IfDefine !NO_SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgid_module modules/mod_cgid.so
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
# 2.4 Modules
<IfDefine !PREFORK>
LoadModule mpm_event_module modules/mod_mpm_event.so
</IfDefine>
<IfDefine PREFORK>
# Note, requires a rebuild of PHP
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule http2_module modules/mod_http2.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
<IfDefine BROTLI>
LoadModule brotli_module modules/mod_brotli.so
</IfDefine>
#
###########################################################################
# Custom modules will be added by apxs below here and carried over
# between httpd package upgrades. You must leave this "MODULE_MARKER" marker
#
# Only modules loaded with a "LoadModule" directive are carried over.
# Make all module configuration changes to httpd-custom.conf
###########################################################################
# MODULE_MARKER
User apache
Group apache
# Check for PHP presence
<IfModule php7_module>
Define PHP_INSTALLED
</IfModule>
<IfModule php5_module>
Define PHP_INSTALLED
</IfModule>
<IfModule php8_module>
Define PHP_INSTALLED
</IfModule>
<IfDefine !PHP_INSTALLED>
<Files "*.php">
Deny from all
</Files>
</IfDefine>
DocumentRoot "/var/www/html"
Timeout 30
ServerTokens Prod
KeepAliveTimeout 3
ServerSignature Off
UseCanonicalName off
PidFile run/httpd.pid
<IfDefine !OVERRIDE_POLICY>
Define OVERRIDE_POLICY "AuthConfig FileInfo Indexes Limit Options=Indexes,MultiViews,ExecCGI,SymLinksIfOwnerMatch"
</IfDefine>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/virtual/site*/fst/var/subdomain/*/html>
AllowOverride ${OVERRIDE_POLICY}
Options SymLinksIfOwnerMatch
</Directory>
<Directory /home/virtual/site*/fst/home/*>
AllowOverride ${OVERRIDE_POLICY}
Options SymLinksIfOwnerMatch
</Directory>
<Directory /home/virtual/site*/fst/var/www>
AllowOverride ${OVERRIDE_POLICY}
Options SymLinksIfOwnerMatch
</Directory>
<IfDefine PHP_INSTALLED>
php_admin_value open_basedir "/var/www:/tmp:/usr:/.socket"
php_admin_value disable_functions "posix_getpwnam,syslog"
php_admin_value memory_limit 192M
</IfDefine>
<Directory /var/www/html>
<IfDefine PHP_INSTALLED>
php_admin_value open_basedir "/var/www:/etc:/var/lib:/tmp:/usr:/.socket"
php_value upload_max_filesize 64M
</IfDefine>
AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,MultiViews,SymLinksIfOwnerMatch
Options FollowSymLinks
RewriteOptions InheritBefore
RewriteBase "/var/www/html"
RewriteRule dummyset\.php$ /var/www/html/dummyset.php [L]
</Directory>
<DirectoryMatch "^/var/www/html/(?:horde|roundcube|webmail|mail|phpMyAdmin|phpPgAdmin)">
RewriteCond %{HTTPS} !^on$
RewriteRule ^/var/www/html/(.*)$ https://%{ENV:HOSTNAME}/$1 [R=307,L]
</DirectoryMatch>
<IfModule mod_status.c>
ExtendedStatus on
<Location /server-status>
SetHandler server-status
</Location>
</IfModule>
DirectoryIndex index.html index.php index.fcgi
<IfModule include_module>
DirectoryIndex index.shtml
</IfModule>
HostnameLookups off
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".*">
Order allow,deny
Deny from all
Satisfy All
</Files>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType image/svg+xml svg svgz
AddOutputFilter INCLUDES shtml
</IfModule>
IndexOptions FancyIndexing HTMLTable VersionSort
EnableSendfile on
EnableMMAP on
<IfModule dav_module>
DavLockDB "/var/lib/dav/"
</IfModule>
<IfModule mpm_prefork_module>
ServerLimit 256
StartServers 5
MinSpareServers 10
MaxSpareServers 30
MaxClients 200
MaxConnectionsPerChild 256
</IfModule>
# Start with 2 servers, up to 200 concurrent clients
# Maxed out, assuming 1 sec/request, a server could
# handle 17.2 million requests per day
# Tweak as necessary for larger environments
# NB: Each thread locks up to 2 MB via MaxMemFree
# In heavy traffic, low memory scenarios this can be burdensome
<IfModule mpm_event_module>
ServerLimit 10
StartServers 1
ThreadsPerChild 20
MaxRequestsPerChild 1024
MaxRequestWorkers 200
AsyncRequestWorkerFactor 2
</IfModule>
<IfModule mpm_worker_module>
StartServers 5
MaxClients 250
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxConnectionsPerChild 128
</IfModule>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
<IfModule ssl_module>
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/tmp/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLSessionTickets on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors on
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLStaplingCache shmcb:/tmp/ocsp(256000)
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors on
SSLCertificateFile /etc/ssl/certs/server.pem
</IfModule>
<IfModule http2_module>
Protocols h2 h2c http/1.1
ProtocolsHonorOrder Off
</IfModule>
AddType text/xml .xml
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
AddHandler cgi-script .rb
RLimitCPU 60 120
RLimitMem 268435456
RLimitNProc 15 50
SetEnv PERL5LIB /usr/local/lib/perl5/site_perl
<IfDefine BROTLI>
AddOutputFilterByType BROTLI_COMPRESS text/html text/xml text/css text/plain text/javascript application/json application/javascript image/svg+xml
</IfDefine>
AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain text/javascript application/json application/javascript image/svg+xml
# shtml does not parse with Apache 2.2.17 and DEFLATE
<Files "*.shtml">
SetEnv no-gzip
</Files>
TraceEnable off
BufferedLogs on
LogFormat "%{SITE_ID}e %{%s}t %I %O %V" bandwidth
LogFormat "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
ErrorLog logs/error_log
LogLevel notice
# BEGIN DOMAIN REWRITES
Include conf/httpd-apnscp-rewrite-map.conf
# END DOMAIN REWRITES
<Directory /tmp>
AllowOverride None
</Directory>
<IfModule cgid_module>
ScriptSock /.socket/fcgi/cgid.sock
</IfModule>
<IfDefine CORE>
CoreDumpDirectory /tmp
</IfDefine>
Define VIRTUAL_BASE /home/virtual
# BEGIN COMMON ASSETS
<DirectoryMatch "^${VIRTUAL_BASE}/site[0-9]+/fst/(?:var/www|home/[^/]*)/.+/(.*/)?(?:wp-content/uploads/|wp-content/cache|cache/|sites/default/).*$">
RemoveHandler .pl .py .cgi
RemoveType .php
AllowOverride None
</DirectoryMatch>
# END COMMON ASSETS
# BEGIN PHP CONFIG
# Override via httpd-custom.conf
<IfDefine PHP_INSTALLED>
php_admin_value memory_limit 256m
php_admin_value mail.add_x_header 1
php_admin_value opcache.restrict_api "/tmp"
</IfDefine>
# END PHP CONFIG
<IfModule cache_socache_module>
CacheEnable socache /
CacheSocache shmcb
CacheSocacheMaxSize 102400
</IfModule>
<IfModule cache_disk_module>
CacheEnable disk /
CacheRoot /var/cache/httpd/cache-root
CacheDirLength 2
</IfModule>
<IfModule cache_module>
# A page modified 100 minutes ago will expire in 10 minutes
CacheLastModifiedFactor .1
# Always check again after 6 hours
CacheMaxExpire 21600
# Allow allow/deny to work as expected
CacheQuickHandler off
CacheIgnoreHeaders Set-Cookie
# Disable caching by default, allow sites/locations to enroll independently
SetEnv no-cache
</IfModule>
# BEGIN AMENDMENTS
# END AMENDMENTS
IncludeOptional conf.d/*
Include conf/httpd-custom.conf
<IfModule cgroup_module>
Define NEED_CGROUP
</IfModule>
<IfModule passenger_module>
Define NEED_CGROUP
</IfModule>
IncludeOptional conf/virtual-httpd-built
You can’t perform that action at this time.