[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] RAQ 3i httpd.conf file needed
- Subject: RE: [cobalt-users] RAQ 3i httpd.conf file needed
- From: Glenn Parsons <gparsons@xxxxxxxxxxxxx>
- Date: Wed Mar 19 10:41:02 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
At 12:24 PM 3/19/2003 -0500, you wrote:
Come on guys - I've got a server down and need this. Pretty please????
Michael D. Bathrick
Hello Michael,
Sorry, I saw you earlier, but lost my train of thought.
---- Begin httpd.conf ---------
##
## httpd.conf -- Apache HTTP server configuration file
##
# This is the main server configuration file. See URL http://www.apache.org/
# fo: instructions.
# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.
# Originally by Rob McCool
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
#
# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.
# Extra Modules
#LoadModule php_module modules/mod_php.so
#LoadModule php3_module modules/libphp3.so
#LoadModule perl_module /usr/lib/apache/libperl.so
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
#ClearModuleList
# Extra Modules
#AddModule mod_php.c
#AddModule mod_php3.c
#AddModule mod_perl.c
# ServerType is either inetd, or standalone.
ServerType standalone
# If you are running from inetd, go to "ServerAdmin".
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
Port 80
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.
HostnameLookups off
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group nobody on these systems!
User httpd
Group httpd
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin admin@
# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.
ServerRoot /etc/httpd
# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.
#BindAddress *
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.
ErrorLog /var/log/httpd/error
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.
CustomLog /var/log/httpd/access combined
# If you would like to have an agent and referer logfile uncomment the
# following directives.
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access_log combined
# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/log/httpd/httpd_status
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /var/lock/httpd.lock
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
ServerName onpaper.1bigthink.com
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName on
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We reccomend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---
MinSpareServers 5
MaxSpareServers 10
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 5
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...
MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
MaxRequestsPerChild 30
# Proxy Server directives. Uncomment the following line to
# enable the proxy server:
#ProxyRequests On
# To enable the cache as well, edit and uncomment the following lines:
#CacheRoot /var/cache/httpd
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the VirtualHost command
Listen 80
# global ssl setup
<IfModule mod_ssl.c>
SSLSessionCache dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
# Location of a secondary signing authority certificate. Uncomment and edit
# the location if necessary if you install a secondary certificate.
#SSLCACertificateFile /etc/httpd/conf/ca-bundle
</IfModule>
# uncomment this for debugging
#
#PerlModule Apache::Status
#<Location /mod_perl/>
#SetHandler perl-script
#PerlHandler Apache::Status
#</Location>
<Perl>
use Apache::PerlSections();
use Cobalt::Ssl;
# Only a temp variable until we go the whole hog.
my (@ssl_conf,$ip,$group,$rewrite_rules,$proto,$ret);
open(HTTPD_CONF,"/etc/httpd/conf/httpd.conf") ||
die "What ? We can't read our own configuration file?: $!";
# O.K. What we bassically want to do is build up new section in the conf file
# for SSL sections.
while(<HTTPD_CONF>) {
if (/^<VirtualHost [\d\.]+>$/ ... /^<\/VirtualHost>$/) {
if ( /^<VirtualHost ([\d\.]+)>/o ) {
# New section. Clean up.
$ip = $1;
@ssl_conf = ();
$group = undef;
}
# Skip this bit, we don't need it now..
next if (/^<VirtualHost/);
# Just need to grab the group name out before we get on with
# the real work.
if ( /DocumentRoot \/home\/sites\/([^\/]+)\/web/ ){
$group = $1;
}
# These two are for the rewrite options
s/http/https/go if (/^Rewrite/);
s/80/443/go if (/^Rewrite/);
push @ssl_conf, $_;
# Hardcoded, issues with mod_perl and cobalt modules.
if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
$ret = ssl_cert_check("/home/sites/$group/certs/");
if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile
/home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile
/home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile
/home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile
/home/sites/home/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
}
}
}
}
close HTTPD_CONF;
# O.K. Now we're done with that ugliness the Rewrite rules to provide
transistion
# from the user to the admin server need to be different depending on
whether we have
# ssl active or not.
if ( ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$proto = 'https';
} else {
$proto = 'http';
}
# This many seem a little tortured as a way to do this, but the
# quoting is hell.
$rewrite_rules =
'RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteCond %{DOCUMENT_ROOT} !-d
RewriteRule
.*
proto://servername:81/.cobalt/error/forbidden.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule
^/admin/?$
proto://servername:81/.cobalt/sysManage/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule
^/siteadmin/?$
proto://servername:81/.cobalt/siteManage/%1/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule
^/personal/?$
proto://servername:81/.cobalt/personal/index.html [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/.cobalt/(.+) proto://servername:81/.cobalt/$1 [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule
^/cgi-bin/.cobalt/(.+) proto://servername:81/cgi-bin/.cobalt/$1 [L,R]
';
$rewrite_rules =~ s/servername/%1/g;
$rewrite_rules =~ s/proto/$proto/g;
$PerlConfig .= $rewrite_rules;
if ( -f "/etc/DEBUG" ) {
print STDERR Apache::PerlSections->dump();
}
</Perl>
# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.
# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.
#<VirtualHost host.some_domain.com>
#ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxxx
#DocumentRoot /www/docs/host.some_domain.com
#ServerName host.some_domain.com
#ErrorLog logs/host.some_domain.com-error_log
#TransferLog logs/host.some_domain.com-access_log
#</VirtualHost>
Include /etc/httpd/conf/jserv/jserv.conf
ApJServAction .jhtml /servlets/org.apache.servlet.ssi.SSI
NameVirtualHost 10.0.2.14
<VirtualHost 10.0.2.14>
ServerName onpaper.1bigthink.com
ServerAdmin admin
DocumentRoot /home/sites/home/web
RewriteEngine on
RewriteCond %{HTTP_HOST} !^10.0.2.14(:80)?$
RewriteCond %{HTTP_HOST} !^onpaper.1bigthink.com(:80)?$
RewriteRule ^/(.*) http://onpaper.1bigthink.com/$1 [L,R]
RewriteOptions inherit
AliasMatch ^/~([^/]+)(/(.*))? /home/sites/home/users/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/sites/home/users/$1/web/$3
AddHandler server-parsed .shtml
AddType text/html .shtml
</VirtualHost>
---- End httpd.conf ---------
Cheers,
Glenn