From patchwork Mon Apr 12 21:01:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4152 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FK1Ph4dwrz3yBW for ; Mon, 12 Apr 2021 21:01:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FK1Ph1HTwzjv; Mon, 12 Apr 2021 21:01:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FK1Ph0nCRz2yk9; Mon, 12 Apr 2021 21:01:44 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FK1Pg0W5Fz2xbr for ; Mon, 12 Apr 2021 21:01:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FK1Pf1D4jzjZ for ; Mon, 12 Apr 2021 21:01:41 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1618261302; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xHTtJ8IEMni3aoC8ACItiBV44Eg1pCLwbzNp2h86y8c=; b=iEPN2lUHxI2ZwzBvrgu75OZJoXRcepmSx2XzHZvVUzevXTz/v6S//n2nkrpwIXS9j2aShD 8zS3iPo09CmqWPBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1618261302; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xHTtJ8IEMni3aoC8ACItiBV44Eg1pCLwbzNp2h86y8c=; b=qzkvAssKgNjVOGxHNu+Vf3uufd2pd6Ct1ZlNEhGahEUeYRZqUcvmsBkt4TmC+1aF9ijdoe mEeqRyNB0y8KSpsXy7XzrcUcbhArsSySm3buiarsGEJzC6dPdRfnf/NXf7YXO8DfolGkrK kZPe2sBDy37qiHm9PwcieJkAlIY/IUHv/z0+ZYgY9Dph4P5ENyBXJ4SKK6RPvs8YYdLXWw THOdrL0NEN1v2lctCE/j3iN3kHnjEzQKev2oEINbqItjui7YP4VIRho9ZAnzY4n2pPrti+ T+M94XsHRtTP8gR5/vEpV+tmgsN5+dlX7CsjRtAWrwrz4kYspmc8BgVXWTuKjw== Subject: [PATCH 4/4] httpd: delete comment blocks and unused directives from our configuration To: development@lists.ipfire.org References: <0b270dd5-9a61-2901-c75e-8698dd4373e8@ipfire.org> <8698f06c-19c9-1680-f179-4d50c00bed1a@ipfire.org> <5251bce1-49af-64e5-a858-5e33210d9e6b@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <1bfb3e68-b349-133c-8f57-c0de4311db8d@ipfire.org> Date: Mon, 12 Apr 2021 23:01:41 +0200 MIME-Version: 1.0 In-Reply-To: <5251bce1-49af-64e5-a858-5e33210d9e6b@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- config/httpd/default-server.conf | 3 -- config/httpd/httpd.conf | 81 +++----------------------------- config/httpd/mod_log_config.conf | 33 +------------ config/httpd/ssl-global.conf | 45 ++---------------- 4 files changed, 13 insertions(+), 149 deletions(-) diff --git a/config/httpd/default-server.conf b/config/httpd/default-server.conf index db082298a..e82dfa088 100644 --- a/config/httpd/default-server.conf +++ b/config/httpd/default-server.conf @@ -2,7 +2,4 @@ # Global configuration that will be applicable for all virtual hosts, unless # deleted here, or overriden elswhere. # - DocumentRoot /srv/web/ipfire/html - -#Include /etc/httpd/conf/conf.d/*.conf diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf index 14dcc735c..c694bffe2 100644 --- a/config/httpd/httpd.conf +++ b/config/httpd/httpd.conf @@ -1,37 +1,4 @@ -# -# /etc/httpd/conf/httpd.conf -# -# This is the main Apache2 server configuration file for IPFire. -# Plese do not change this file! - -# Overview of include files, chronologically: -# -# httpd.conf -# | -# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under -# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) -# |-- loadmodule.conf . . . . . . . . . . . load these modules -# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on -# |-- mod_log_config.conf . . . . . . . . . define logging formats -# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings -# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) -# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info -# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking -# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings -# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration -# |-- errors.conf . . . . . . . . . . . . . customize error responses -# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts -# | -# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests -# | -# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here -# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) -# - -### Global Environment ###################################################### -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests. +# Apache2 server configuration file for IPFire # run under this user/group id Include /etc/httpd/conf/uid.conf @@ -40,17 +7,13 @@ Include /etc/httpd/conf/uid.conf # - usage of KeepAlive Include /etc/httpd/conf/server-tuning.conf -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. +# ErrorLog: The location of the error log file ErrorLog /var/log/httpd/error_log # Load Modules here Include /etc/httpd/conf/loadmodule.conf -# IP addresses / ports to listen on +# IP addresses and ports to listen on Include /etc/httpd/conf/listen.conf # predefined logging formats @@ -59,15 +22,10 @@ Include /etc/httpd/conf/mod_log_config.conf # global settings Include /etc/httpd/conf/global.conf -# optional mod_status, mod_info -#Include /etc/httpd/conf/mod_status.conf -#Include /etc/httpd/conf/mod_info.conf - # associate MIME types with filename extensions TypesConfig /etc/mime.types -# global (server-wide) SSL configuration, that is not specific to -# any virtual host +# global (server-wide) SSL configuration, that is not specific to any virtual host Include /etc/httpd/conf/ssl-global.conf @@ -85,35 +43,10 @@ AccessFileName .htaccess # List of resources to look for when the client requests a directory DirectoryIndex index.html index.htm index.shtml index.cgi -### 'Main' server configuration ############################################# -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# +# 'Main' server configuration Include /etc/httpd/conf/default-server.conf - -### Virtual server configuration ############################################ -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. -# +# Virtual server configuration Include /etc/httpd/conf/vhosts.d/*.conf -# Dummy LoadModule directive to aid module installations -#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so +# EOF diff --git a/config/httpd/mod_log_config.conf b/config/httpd/mod_log_config.conf index 89ad09a80..94151c29d 100644 --- a/config/httpd/mod_log_config.conf +++ b/config/httpd/mod_log_config.conf @@ -1,31 +1,2 @@ -# -# The following directives define some format nicknames for use with -# a CustomLog directive. -# - -# -# Format string: Nickname: -# -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%h %l %u %t \"%r\" %>s %b \ -\"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%v %h %l %u %t \"%r\" %>s %b \ -\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined - -# To use %I and %O, you need to enable mod_logio - -LogFormat "%h %l %u %t \"%r\" %>s %b \ -\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - -# Use one of these when you want a compact non-error SSL logfile on a virtual -# host basis: - -Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ -\"%r\" %b" ssl_common -Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ -\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined - +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined diff --git a/config/httpd/ssl-global.conf b/config/httpd/ssl-global.conf index 154815cea..0c3a96a6c 100644 --- a/config/httpd/ssl-global.conf +++ b/config/httpd/ssl-global.conf @@ -1,54 +1,17 @@ -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# These are the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. - - # - # Some MIME-types for downloading Certificates and CRLs - # + # Some MIME-types for downloading Certificates and CRLs AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl - # Pass Phrase Dialog: - # Configure the pass phrase gathering process. - # The filtering dialog program (`builtin' is a internal - # terminal dialog) has to provide the pass phrase on stdout. + # Pass Phrase Dialog SSLPassPhraseDialog builtin - # Inter-Process Session Cache: - # Configure the SSL Session Cache: First the mechanism - # to use and second the expiring timeout (in seconds). - # shm means the same as shmht. - # Note that on most platforms shared memory segments are not allowed to be on - # network-mounted drives, so in that case you need to use the dbm method. - #SSLSessionCache none - #SSLSessionCache dbm:/var/log/httpd/ssl_scache - #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000) + # Inter-Process Session Cache SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000) SSLSessionCacheTimeout 900 - # Pseudo Random Number Generator (PRNG): - # Configure one or more sources to seed the PRNG of the - # SSL library. The seed data should be of good random quality. - # WARNING! On some platforms /dev/random blocks if not enough entropy - # is available. This means you then cannot use the /dev/random device - # because it would lead to very long connection times (as long as - # it requires to make more entropy available). But usually those - # platforms additionally provide a /dev/urandom device which doesn't - # block. So, if available, use this one instead. Read the mod_ssl User - # Manual for more details. + # Pseudo Random Number Generator (PRNG) SSLRandomSeed startup builtin SSLRandomSeed connect builtin