Commit 6cd688f9 authored by Leigh B Stoller

Start on the move from Apache 1.3 to 2.2 ...

* The httpd.conf file I started with came from Dave's linux-port branch,
  and subsequently whacked for FreeBSD installation. Sorry for not using
  git to bring the base version in.

* Configure changes to determine what version of apache is installed, and
  modify behaviour in makefiles accordingly.

* Along with Apache 2.2 comes the latest version of PHP5, and that requires
  a bogus timezone directive in php.ini to prevent endless warnings. So I
  moved the entire php.ini install from ops/boss-install to here.

Note that I had to use the 8.2 ports tree to build this stuff, and it is the
usual headache because options and directives have changed.
parent 850ceda0
......@@ -86,6 +86,7 @@ BRAINSTEM_DIR = @BRAINSTEM_DIR@
WITH_EMULAB = @WITH_EMULAB@
OPSVM_ENABLE = @OPSVM_ENABLE@
OPSVM_MOUNTPOINT= @OPSVM_MOUNTPOINT@
APACHE_VERSION = @APACHE_VERSION@
host_cpu = @host_cpu@
......
#
# EMULAB-COPYRIGHT
# Copyright (c) 2002-2010 University of Utah and the Flux Group.
# Copyright (c) 2002-2011 University of Utah and the Flux Group.
# All rights reserved.
#
#
......@@ -22,7 +22,18 @@ endif
include $(OBJDIR)/Makeconf
CONFIG_FILES = httpd.conf httpd.conf-ops
CONFIG_FILES = httpd.conf-ops php.ini
#
# Move to Apache 22 ...
#
ifeq ($(APACHE_VERSION),22)
CONFIG_FILES += httpd.conf-v2
SCRIPT_HACK = 0
else
CONFIG_FILES += httpd.conf-v1
endif
INSTALL_PHP_CONFIG = /usr/local/etc
#
# Force dependencies to make sure configure regenerates if the .in file
......@@ -46,8 +57,10 @@ $(INSTALL_APACHE_CONFIG)/%: %
#
# XXX ugh, do the same thing to detect php5...
#
httpd.conf.fixed: httpd.conf
-@cp httpd.conf httpd.conf.fixed
# Note that ths is not needed for apache22.
#
httpd.conf.fixed: httpd.conf-v1
-@cp httpd.conf-v1 httpd.conf.fixed
@if [ -x /usr/local/libexec/apache/mod_auth_mysql.so ]; then \
sed -i "" -e '/^LoadModule auth_mysql/s/libauth/mod_auth/' httpd.conf.fixed; \
echo "Updated httpd.conf for auth_mysql"; \
......@@ -92,14 +105,22 @@ ifeq ($(SCRIPT_HACK),1)
$(INSTALL) -m 755 $(SRCDIR)/apache-emulab /usr/local/etc/rc.d/apache.sh
endif
ifeq ($(APACHE_VERSION),22)
install: install-dirs install-scripts httpd.conf-v2
$(INSTALL_DATA) httpd.conf-v2 $(INSTALL_APACHE_CONFIG)/httpd.conf
else
install: install-dirs install-scripts httpd.conf.fixed
$(INSTALL_DATA) httpd.conf.fixed $(INSTALL_APACHE_CONFIG)/httpd.conf
endif
control-install: install-dirs install-scripts httpd.conf-ops.fixed
$(INSTALL_DATA) httpd.conf-ops.fixed $(INSTALL_APACHE_CONFIG)/httpd.conf
install-php-ini: php.ini
$(INSTALL_DATA) php.ini $(INSTALL_PHP_CONFIG)/php.ini
else
install-scripts install control-install:
@echo "Cannot install Apache config in dev tree"
endif
clean:
rm -f $(CONFIG_FILES) *.fixed php.ini
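Review bot: The new `install-php-ini` target is not in the dev-tree fallback rule near the end of this section, so in the branch that prints "Cannot install Apache config in dev tree" it appears to have no rule at all; the list should read `install-scripts install control-install install-php-ini:`. The conditional that this `else` closes opens outside the hunk, so this is read from the visible lines only. The target also replaces `$(INSTALL_PHP_CONFIG)/php.ini` under the hard-coded `/usr/local/etc` unconditionally, which discards any site-local PHP settings already in that file; a comment above the rule such as `# Overwrites the system-wide php.ini; local edits are lost` would make that explicit. `clean` now names `php.ini` twice, once through `$(CONFIG_FILES)` and once literally.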
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd/logs/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/usr/local"
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/httpd.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 30
MinSpareServers 30
MaxSpareServers 45
ServerLimit 200
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 5
MaxClients 150
MinSpareThreads 15
MaxSpareThreads 50
ThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module libexec/apache22/mod_foo.so
#
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_default_module libexec/apache22/mod_authn_default.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_default_module libexec/apache22/mod_authz_default.so
#LoadModule ldap_module libexec/apache22/mod_ldap.so
#LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
#LoadModule ext_filter_module libexec/apache22/mod_ext_filter.so
LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so
LoadModule expires_module libexec/apache22/mod_expires.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule headers_module libexec/apache22/mod_headers.so
LoadModule usertrack_module libexec/apache22/mod_usertrack.so
LoadModule setenvif_module libexec/apache22/mod_setenvif.so
LoadModule mime_module libexec/apache22/mod_mime.so
LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule status_module libexec/apache22/mod_status.so
LoadModule autoindex_module libexec/apache22/mod_autoindex.so
LoadModule info_module libexec/apache22/mod_info.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule actions_module libexec/apache22/mod_actions.so
LoadModule speling_module libexec/apache22/mod_speling.so
LoadModule userdir_module libexec/apache22/mod_userdir.so
LoadModule alias_module libexec/apache22/mod_alias.so
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
#LoadModule proxy_module libexec/apache22/mod_proxy.so
#LoadModule proxy_balancer_module libexec/apache22/mod_proxy_balancer.so
#LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
#LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so
LoadModule cache_module libexec/apache22/mod_cache.so
LoadModule suexec_module libexec/apache22/mod_suexec.so
LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so
#LoadModule file_cache_module libexec/apache22/mod_file_cache.so
#LoadModule mem_cache_module libexec/apache22/mod_mem_cache.so
LoadModule cgi_module libexec/apache22/mod_cgi.so
#
# The following modules are not loaded by default:
#
#LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so
#LoadModule asis_module libexec/apache22/mod_asis.so
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
# DO NOT DO this in the Emulab world -- if local admin wants to screw with it,
# they can -- but we just pull everything we need into one file. We pull in
# php stuff here; ssl stuff comes later.
#
#Include conf.d/*.conf
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
LoadModule php5_module libexec/apache22/libphp5.so
#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php .php3
AddType text/html .php .php3
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
AddType application/x-httpd-php-source .phps .php3s
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User nobody
Group nobody
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin @TBOPSEMAIL_NOSLASH@
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#ServerName www.example.com:80
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName On
#
# Turn off the TRACE and TRACK debug methods. These have apparently
# been shown to support other XSS vulnerabilities (caught by nessus)
#
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "@prefix@/www/"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# When granting access, try to minimize the number of entries and hence
# complexity of the config file. Also, remember these rules:
#
# 1) <directory> directive options & authconfigs are inherited by subdirs
# 2) Putting a '+' before an option on the 'Options' line adds it to the
# existing set (likely inherited from a dir below it).
# 3) Putting a '-' before an option removes it from the existing options set.
# 4) The 'AllowOverride' directive describes how a .htaccess file can
# override configuration file settings for a directory.
# 5) Allowing a .htaccess file to override 'options' is a security hazard.
#
# People who are involved with testbed devel can get at
# stuff under /usr/testbed, but not "outsiders". If exceptions need
# to be made under /usr/testbed, create a <Directory> entry for them
# below. Try to work under the least req'd privilige model whenever
# possible. Add people's cable modems, etc. that need general devel
# access to the /usr/testbed <Directory> entry.
#
<Directory @prefix@>
Order allow,deny
deny from all
# utah emulab subnets
allow from 155.98.32.0/255.255.252.0
# utah flux subnet
allow from 155.98.60.
</Directory>
<Directory @prefix@/webglimpse>
Options All MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory @prefix@/www/cricket>
Options ExecCGI SymLinksIfOwnerMatch
AddHandler cgi-script .cgi
</Directory>
<Directory @prefix@/devel/*/www>
Options +ExecCGI
AllowOverride All
</Directory>
<Directory @prefix@/www/webdb>
AllowOverride None
Order deny,allow
deny from all
</Directory>
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "@prefix@/www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options All +MultiViews -Indexes
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
<IfModule mod_dir.c>
DirectoryIndex index.php index.php3 index.html
</IfModule>
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig /usr/local/etc/apache22/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile /usr/local/etc/apache22/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
#
#EnableMMAP off
#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
#
#EnableSendfile off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog @prefix@/log/apache_error_log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
# requires the mod_logio module to be loaded.
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access_log common
#
# If you would like to have separate agent and referer logfiles, uncomment
# the following directives.
#
#CustomLog @prefix@/log/apache_referer_log referer
#CustomLog @prefix@/log/apache_agent_log agent
#
# For a single logfile with access, agent, and referer information
# (Combined Logfile Format), use the following directive:
#
CustomLog @prefix@/log/apache_access_log combined
#
# Optionally add a line containing the server version and virtual host