Nice and short httpd.conf... ServerType standalone ServerRoot "/var/www" PidFile logs/httpd.pid ScoreBoardFile logs/apache_runtime_status Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 0 MaxCPUPerChild 0 MaxDATAPerChild 0 MaxNOFILEPerChild 0 MaxRSSPerChild 0 MaxSTACKPerChild 0 LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so LoadModule php5_module /usr/local/lib/php-5.3/libphp5.so AddModule mod_php5.c Include /var/www/conf/modules/*.conf Port 80 <IfDefine SSL> Listen 80 Listen 443 </IfDefine> User www Group www ServerAdmin j...@secusrvr.com ServerName www.secusrvr.com DocumentRoot "/var/www/htdocs" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/htdocs"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> UserDir disabled DirectoryIndex index.php index.html AccessFileName .htaccess <Files .htaccess> Order allow,deny Deny from all </Files> UseCanonicalName On TypesConfig conf/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off ErrorLog logs/error_log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access_log common Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README HeaderName HEADER IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t AddEncoding x-compress Z AddEncoding x-gzip gz AddLanguage en .en AddLanguage fr .fr AddLanguage de .de AddLanguage da .da AddLanguage el .el AddLanguage it .it LanguagePriority en fr de AddType application/x-httpd-php .php BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 </Location> <IfDefine SSL> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfDefine> <IfModule mod_ssl.c> SSLPassPhraseDialog builtin SSLSessionCache dbm:logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex sem SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLRandomSeed startup file:/dev/arandom 512 SSLLog logs/ssl_engine_log SSLLogLevel info </IfModule> NameVirtualHost 208.79.92.130:443 NameVirtualHost 127.0.0.1:443 <VirtualHost *:443> DocumentRoot "/var/www/sites/secusrvr.com" ServerName secusrvr.com SSLEngine on SSLCertificateFile /etc/ssl/private/secusrvr.com.crt SSLCertificateKeyFile /etc/ssl/private/server.key SSLCACertificateFile /etc/ssl/private/gd_bundle.crt CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Directory "/var/www/sites/secusrvr.com"> allow from all Options +Indexes AllowOverride All </Directory> </VirtualHost> NameVirtualHost 208.79.92.130:80 NameVirtualHost 127.0.0.1:80 <VirtualHost *:80> DocumentRoot "/var/www/sites/johntate.org" ServerName johntate.org <Directory "/var/www/sites/johntate.org"> allow from all Options +Indexes AllowOverride All </Directory> </VirtualHost> NameVirtualHost 208.79.92.130:80 NameVirtualHost 127.0.0.1:80 <VirtualHost *:80> DocumentRoot "/var/www/sites/www.johntate.org" ServerName www.johntate.org <Directory "/var/www/sites/www.johntate.org"> allow from all Options +Indexes AllowOverride All </Directory> </VirtualHost> NameVirtualHost 208.79.92.130:80 NameVirtualHost 127.0.0.1:80 <VirtualHost *:80> DocumentRoot "/var/www/sites/www.secusrvr.com" ServerName www.secusrvr.com <Directory "/var/www/sites/www.seucsrvr.com"> allow from all Options +Indexes AllowOverride All </Directory> </VirtualHost>
On Fri, Apr 5, 2013 at 2:18 PM, John Tate <j...@johntate.org> wrote: > I think I have a problem with my defaults. I used to just have a default a > secusrvr.com. The default would point to /var/www/htdocs which redirects > to /var/www/sites/secusrvr.com which is for the virtualhost secusrvr.com. > I added johntate.org and www.johntate.org both under /var/www/sites/ > www.johntate.org and /var/www/sites/johntate.org but somehow even after > adding www.secusrvr.com, that domain through a browser redirects to > johntate.org. I'm getting these warnings: > # apachectl startssl > [Thu Apr 4 20:17:56 2013] [warn] module mod_php5.c is already added, > skipping > [Thu Apr 4 20:17:56 2013] [warn] module php5_module is already loaded, > skipping > [Thu Apr 4 20:17:56 2013] [warn] _default_ VirtualHost overlap on port > 80, the first has precedence > [Thu Apr 4 20:17:56 2013] [warn] _default_ VirtualHost overlap on port > 80, the first has precedence > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 208.79.92.130:443 has > no VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 208.79.92.130:80 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 208.79.92.130:80 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 208.79.92.130:80 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 127.0.0.1:443 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 127.0.0.1:80 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 127.0.0.1:80 has no > VirtualHosts > [Thu Apr 4 20:17:56 2013] [warn] NameVirtualHost 127.0.0.1:80 has no > VirtualHosts > /usr/sbin/apachectl startssl: httpd started > > > > Here is my /var/www/conf/httpd.conf > # $OpenBSD: httpd.conf,v 1.26 2009/06/03 18:28:21 robert Exp $ > # > # Based upon the NCSA server configuration files originally by Rob McCool. > # > # This is the main Apache server configuration file. It contains the > # configuration directives that give the server its instructions. > # See <URL:http://www.apache.org/docs/> for detailed information about > # the directives. > # > # Do NOT simply read the instructions in here without understanding > # what they do. They're here only as hints or reminders. If you are > unsure > # consult the online docs. You have been warned. > # > # After this file is processed, the server will look for and process > # /var/www/conf/srm.conf and then /var/www/conf/access.conf > # unless you have overridden these with ResourceConfig and/or > # AccessConfig directives here. > # > # The configuration directives are grouped into three basic sections: > # 1. Directives that control the operation of the Apache server process > as a > # whole (the 'global environment'). > # 2. Directives that define the parameters of the 'main' or 'default' > server, > # which responds to requests that aren't handled by a virtual host. > # These directives also provide default values for the settings > # of all virtual hosts. > # 3. Settings for virtual hosts, which allow Web requests to be sent to > # different IP addresses or hostnames and have them handled by the > # same Apache server process. > # > # Configuration and logfile names: If the filenames you specify for many > # of the server's control files begin with "/" (or "drive:/" for Win32), > the > # server will use that explicit path. If the filenames do *not* begin > # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" > # with ServerRoot set to "/usr/local/apache" will be interpreted by the > # server as "/usr/local/apache/logs/foo.log". > # > > ### Section 1: Global Environment > # > # The directives in this section affect the overall operation of Apache, > # such as the number of concurrent requests it can handle or where it > # can find its configuration files. > # > > # > # ServerType is either inetd, or standalone. Inetd mode is only supported > on > # Unix platforms. > # > ServerType standalone > > # > # ServerTokens is either Full, OS, Minimal, or ProductOnly. > # The values define what version information is returned in the > # Server header in HTTP responses. > # > # ServerTokens ProductOnly > > # > # ServerRoot: The top of the directory tree under which the server's > # configuration, error, and log files are kept. > # > # NOTE! If you intend to place this on an NFS (or otherwise network) > # mounted filesystem then please read the LockFile documentation > # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>); > # you will save yourself a lot of trouble. > # > # Do NOT add a slash at the end of the directory path. > # > ServerRoot "/var/www" > > # > # The LockFile directive sets the path to the lockfile used when Apache > # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or > # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at > # its default value. The main reason for changing it is if the logs > # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL > # DISK. The PID of the main server process is automatically appended to > # the filename. > # > #LockFile logs/accept.lock > > # > # PidFile: The file in which the server should record its process > # identification number when it starts. > # > PidFile logs/httpd.pid > # > # ScoreBoardFile: File used to store internal server process information. > # Not all architectures require this. But if yours does (you'll know > because > # this file will be created when you run Apache) then you *must* ensure > that > # no two invocations of Apache share the same scoreboard file. > # > ScoreBoardFile logs/apache_runtime_status > > # > # In the standard configuration, the server will process httpd.conf, > # srm.conf, and access.conf in that order. The latter two files are > # now deprecated and not installed any more, as it is recommended that > # all directives be kept in a single file for simplicity. > # > #ResourceConfig conf/srm.conf > #AccessConfig conf/access.conf > > # > # Timeout: The number of seconds before receives and sends time out. > # > Timeout 300 > > # > # KeepAlive: Whether or not to allow persistent connections (more than > # one request per connection). Set to "Off" to deactivate. > # > KeepAlive On > > # > # MaxKeepAliveRequests: The maximum number of requests to allow > # during a persistent connection. Set to 0 to allow an unlimited amount. > # We recommend you leave this number high, for maximum performance. > # > MaxKeepAliveRequests 100 > > # > # KeepAliveTimeout: Number of seconds to wait for the next request from the > # same client on the same connection. > # > KeepAliveTimeout 15 > > # > # Server-pool size regulation. Rather than making you guess how many > # server processes you need, Apache dynamically adapts to the load it > # sees --- that is, it tries to maintain enough server processes to > # handle the current load, plus a few spare servers to handle transient > # load spikes (e.g., multiple simultaneous requests from a single > # Netscape browser). > # > # It does this by periodically checking how many servers are waiting > # for a request. If there are fewer than MinSpareServers, it creates > # a new spare. If there are more than MaxSpareServers, some of the > # spares die off. The default values in httpd.conf-dist are probably OK > # for most sites. > # > MinSpareServers 5 > MaxSpareServers 10 > > # > # Number of servers to start initially --- should be a reasonable ballpark > # figure. > # > StartServers 5 > > # > # Limit on total number of servers running, i.e., limit on the number > # of clients who can simultaneously connect --- if this limit is ever > # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. > # It is intended mainly as a brake to keep a runaway server from taking > # the system with it as it spirals down... > # > MaxClients 150 > > # > # MaxRequestsPerChild: the number of requests each child process is > # allowed to process before the child dies. The child will exit so > # as to avoid problems after prolonged use when Apache (and maybe the > # libraries it uses) leak memory or other resources. On most systems, this > # isn't really needed, but a few (such as Solaris) do have notable leaks > # in the libraries. > # > MaxRequestsPerChild 0 > > # > # MaxFOOPerChild: these directives set the current and hard rlimits for > # the child processes. Attempts to exceed them will cause the OS to > # take appropriate action. See the setrlimit(2) and signal(3). > # > MaxCPUPerChild 0 > MaxDATAPerChild 0 > MaxNOFILEPerChild 0 > MaxRSSPerChild 0 > MaxSTACKPerChild 0 > > # > # Listen: Allows you to bind Apache to specific IP addresses and/or > # ports, in addition to the default. See also the <VirtualHost> > # directive. > # > #Listen 3000 > #Listen 12.34.56.78:80 > > # > # BindAddress: You can support virtual hosts with this option. This > directive > # is used to tell the server which IP address to listen to. It can either > # contain "*", an IP address, or a fully qualified Internet domain name. > # See also the <VirtualHost> and Listen directives. > # > #BindAddress * > > # > # Dynamic Shared Object (DSO) Support > # > # To be able to use the functionality of a module which was built as a DSO > you > # have to place corresponding `LoadModule' lines at this location so the > # directives contained in it are actually available _before_ they are used. > # Please read the file README.DSO in the Apache 1.3 distribution for more > # details about the DSO mechanism and run `httpd -l' for the list of > already > # built-in (statically linked and thus always available) modules in your > httpd > # binary. > # > # Note: The order is which modules are loaded is important. Don't change > # the order below without expert advice. > # > # Example: > # LoadModule foo_module libexec/mod_foo.so > > # "anonymous" user access to authenticated areas > # LoadModule anon_auth_module /usr/lib/apache/modules/mod_auth_anon.so > > # user authentication using Berkeley DB files > # LoadModule db_auth_module /usr/lib/apache/modules/mod_auth_db.so > > # user authentication using DBM files > # LoadModule dbm_auth_module /usr/lib/apache/modules/mod_auth_dbm.so > > # authentication using new-style MD5 Digest Authentication (experimental) > # LoadModule digest_auth_module /usr/lib/apache/modules/mod_auth_digest.so > > # CERN httpd metafile semantics > # LoadModule cern_meta_module /usr/lib/apache/modules/mod_cern_meta.so > > # configuration defines ($xxx) > # LoadModule define_module /usr/lib/apache/modules/mod_define.so > > # user authentication using old-style MD5 Digest Authentication > # LoadModule digest_module /usr/lib/apache/modules/mod_digest.so > > # generation of Expires HTTP headers according to user-specified criteria > # LoadModule expires_module /usr/lib/apache/modules/mod_expires.so > > # customization of HTTP response headers > # LoadModule headers_module /usr/lib/apache/modules/mod_headers.so > > # comprehensive overview of the server configuration > # LoadModule info_module /usr/lib/apache/modules/mod_info.so > > # logging of the client user agents (deprecated in favor of mod_log_config) > # LoadModule agent_log_module /usr/lib/apache/modules/mod_log_agent.so > > # logging of referers (deprecated in favor of mod_log_config) > # LoadModule referer_log_module /usr/lib/apache/modules/mod_log_referer.so > > # determining the MIME type of a file by looking at a few bytes of its > contents > # LoadModule mime_magic_module /usr/lib/apache/modules/mod_mime_magic.so > > # mmap()ing of a statically configured list of frequently requested but > # not changed files (experimental) > # LoadModule mmap_static_module /usr/lib/apache/modules/mod_mmap_static.so > > # rule-based rewriting engine to rewrite requested URLs on the fly > LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so > > # attempt to correct misspellings of URLs that users might have entered > # LoadModule speling_module /usr/lib/apache/modules/mod_speling.so > > # provides an environment variable with a unique identifier for each > request > # LoadModule unique_id_module /usr/lib/apache/modules/mod_unique_id.so > > # uses cookies to provide for a clickstream log of user activity on a site > # LoadModule usertrack_module /usr/lib/apache/modules/mod_usertrack.so > > # dynamically configured mass virtual hosting > # LoadModule vhost_alias_module /usr/lib/apache/modules/mod_vhost_alias.so > > # caching proxy > # LoadModule proxy_module /usr/lib/apache/modules/libproxy.so > > LoadModule php5_module /usr/local/lib/php-5.3/libphp5.so > AddModule mod_php5.c > > # > # Include extra module configuration files > # > Include /var/www/conf/modules/*.conf > > # > # ExtendedStatus controls whether Apache will generate "full" status > # information (ExtendedStatus On) or just basic information (ExtendedStatus > # Off) when the "server-status" handler is called. The default is Off. > # > #ExtendedStatus On > > ### Section 2: 'Main' server configuration > # > # The directives in this section set up the values used by the 'main' > # server, which responds to any requests that aren't handled by a > # <VirtualHost> definition. These values also provide defaults for > # any <VirtualHost> containers you may define later in the file. > # > # All of these directives may appear inside <VirtualHost> containers, > # in which case these default settings will be overridden for the > # virtual host being defined. > # > > # > # If your ServerType directive (set earlier in the 'Global Environment' > # section) is set to "inetd", the next few directives don't have any > # effect since their settings are defined by the inetd configuration. > # Skip ahead to the ServerAdmin directive. > # > > # > # Port: The port to which the standalone server listens. For > # ports < 1023, you will need httpd to be run as root initially. > # > Port 80 > > ## > ## SSL Support > ## > ## When we also provide SSL we have to listen to the > ## standard HTTP port (see above) and to the HTTPS port > ## > <IfDefine SSL> > Listen 80 > Listen 443 > </IfDefine> > > # > # If you wish httpd to run as a different user or group, you must run > # httpd as root initially and it will switch. > # > # User/Group: The name (or #number) of the user/group to run httpd as. > # . On SCO (ODT 3) use "User nouser" and "Group nogroup". > # . On HPUX you may not be able to use shared memory as nobody, and the > # suggested workaround is to create a user www and use that user. > # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) > # when the value of (unsigned)Group is above 60000; > # don't use Group #-1 on these systems! > # On OpenBSD, use user www, group www. > # > User www > Group www > > # > # ServerAdmin: Your address, where problems with the server should be > # e-mailed. This address appears on some server-generated pages, such > # as error documents. > # > ServerAdmin j...@secusrvr.com > > # > # ServerName allows you to set a host name which is sent back to clients > for > # your server if it's different than the one the program would get (i.e., > use > # "www" instead of the host's real name). > # > # Note: You cannot just invent host names and hope they work. The name you > # define here must be a valid DNS name for your host. If you don't > understand > # this, ask your network administrator. > # If your host doesn't have a registered DNS name, enter its IP address > here. > # You will have to access it by its address (e.g., http://123.45.67.89/) > # anyway, and this will make redirections work in a sensible way. > # > #ServerName new.host.name > > # > # DocumentRoot: The directory out of which you will serve your > # documents. By default, all requests are taken from this directory, but > # symbolic links and aliases may be used to point to other locations. > # > DocumentRoot "/var/www/htdocs" > > # > # Each directory to which Apache has access, can be configured with respect > # to which services and features are allowed and/or disabled in that > # directory (and its subdirectories). > # > # First, we configure the "default" to be a very restrictive set of > # permissions. > # > <Directory /> > Options FollowSymLinks > AllowOverride None > </Directory> > > # > # Note that from this point forward you must specifically allow > # particular features to be enabled - so if something's not working as > # you might expect, make sure that you have specifically enabled it > # below. > # > > # > # This should be changed to whatever you set DocumentRoot to. > # > <Directory "/var/www/htdocs"> > > # > # This may also be "None", "All", or any combination of "Indexes", > # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". > # > # Note that "MultiViews" must be named *explicitly* --- "Options All" > # doesn't give it to you. > # > Options Indexes FollowSymLinks > > # > # This controls which options the .htaccess files in directories can > # override. Can also be "All", or any combination of "Options", > "FileInfo", > # "AuthConfig", and "Limit" > # > AllowOverride None > > # > # Controls who can get stuff from this server. > # > Order allow,deny > Allow from all > </Directory> > > # > # UserDir: The directory which is prepended onto a users username, within > # which a users's web pages are looked for if a ~user request is received. > # Relative paths are relative to the user's home directory. > # > # "disabled" turns this feature off. > # > # Since httpd will chroot(2) to the ServerRoot path by default, > # you should use > # UserDir /var/www/users > # and create per user directories in /var/www/users/<username> > # > > UserDir disabled > > # > # Control access to UserDir directories. The following is an example > # for a site where these directories are restricted to read-only and > # are located under /users/<username> > # You will need to change this to match your site's home directories. > # > #<Directory /users/*> > # AllowOverride FileInfo AuthConfig Limit > # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec > # <Limit GET POST OPTIONS PROPFIND> > # Order allow,deny > # Allow from all > # </Limit> > # <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> > # Order deny,allow > # Deny from all > # </Limit> > #</Directory> > > # > # DirectoryIndex: Name of the file or files to use as a pre-written HTML > # directory index. Separate multiple entries with spaces. > # > DirectoryIndex index.php index.html > > # > # AccessFileName: The name of the file to look for in each directory > # for access control information. > # > AccessFileName .htaccess > > # > # The following lines prevent .htaccess files from being viewed by > # Web clients. Since .htaccess files often contain authorization > # information, access is disallowed for security reasons. Comment > # these lines out if you want Web visitors to see the contents of > # .htaccess files. If you change the AccessFileName directive above, > # be sure to make the corresponding changes here. > # > <Files .htaccess> > Order allow,deny > Deny from all > </Files> > > # > # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with > each > # document that was negotiated on the basis of content. This asks proxy > # servers not to cache the document. Uncommenting the following line > disables > # this behavior, and proxies will be allowed to cache the documents. > # > #CacheNegotiatedDocs > > # > # UseCanonicalName: (new for 1.3) With this setting turned on, whenever > # Apache needs to construct a self-referencing URL (a URL that refers back > # to the server the response is coming from) it will use ServerName and > # Port to form a "canonical" name. With this setting off, Apache will > # use the hostname:port that the client supplied, when possible. This > # also affects SERVER_NAME and SERVER_PORT in CGI scripts. > # > UseCanonicalName On > > # > # TypesConfig describes where the mime.types file (or equivalent) is > # to be found. > # > TypesConfig conf/mime.types > > # > # DefaultType is the default MIME type the server will use for a document > # if it cannot otherwise determine one, such as from filename extensions. > # If your server contains mostly text or HTML documents, "text/plain" is > # a good value. If most of your content is binary, such as applications > # or images, you may want to use "application/octet-stream" instead to > # keep browsers from trying to display binary files as though they are > # text. > # > DefaultType text/plain > > # > # The mod_mime_magic module allows the server to use various hints from the > # contents of the file itself to determine its type. The MIMEMagicFile > # directive tells the module where the hint definitions are located. > # mod_mime_magic is not part of the default server (you have to add > # it yourself with a LoadModule [see the DSO paragraph in the 'Global > # Environment' section], or recompile the server and include mod_mime_magic > # as part of the configuration), so it's enclosed in an <IfModule> > container. > # This means that the MIMEMagicFile directive will only be processed if the > # module is part of the server. > # > <IfModule mod_mime_magic.c> > MIMEMagicFile conf/magic > </IfModule> > > # > # HostnameLookups: Log the names of clients or just their IP addresses > # e.g., www.apache.org (on) or 204.62.129.132 (off). > # The default is off because it'd be overall better for the net if people > # had to knowingly turn this feature on, since enabling it means that > # each client request will result in AT LEAST one lookup request to the > # nameserver. > # > HostnameLookups Off > > # > # ErrorLog: The location of the error log file. > # If you do not specify an ErrorLog directive within a <VirtualHost> > # container, error messages relating to that virtual host will be > # logged here. If you *do* define an error logfile for a <VirtualHost> > # container, that host's errors will be logged there and not here. > # Either a filename or the text "syslog:" followed by a facility > # name may be specified here. > # > #ErrorLog syslog:daemon > ErrorLog logs/error_log > > # > # LogLevel: Control the number of messages logged to the error_log. > # Possible values include: debug, info, notice, warn, error, crit, > # alert, emerg. > # > LogLevel warn > > # > # The following directives define some format nicknames for use with > # a CustomLog directive (see below). > # > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" > combined > LogFormat "%h %l %u %t \"%r\" %>s %b" common > LogFormat "%{Referer}i -> %U" referer > LogFormat "%{User-agent}i" agent > > # > # The location and format of the access logfile (Common Logfile Format). > # If you do not define any access logfiles within a <VirtualHost> > # container, they will be logged here. Contrariwise, if you *do* > # define per-<VirtualHost> access logfiles, transactions will be > # logged therein and *not* in this file. > # > CustomLog logs/access_log common > > # > # If you would like to have agent and referer logfiles, uncomment the > # following directives. > # > #CustomLog logs/referer_log referer > #CustomLog logs/agent_log agent > > # > # If you prefer a single logfile with access, agent, and referer > information > # (Combined Logfile Format) you can use the following directive. > # > #CustomLog logs/access_log combined > > # > # Optionally add a line containing the server version and virtual host > # name to server-generated pages (error documents, FTP directory listings, > # mod_status and mod_info output etc., but not CGI generated documents). > # Set to "EMail" to also include a mailto: link to the ServerAdmin. > # Set to one of: On | Off | EMail > # > # ServerSignature Off > > # > # Aliases: Add here as many aliases as you need (with no limit). The > format is > # Alias fakename realname > # > # Note that if you include a trailing / on fakename then the server will > # require it to be present in the URL. So "/icons" isn't aliased in this > # example, only "/icons/".. > # > Alias /icons/ "/var/www/icons/" > > <Directory "/var/www/icons"> > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > </Directory> > > # > # ScriptAlias: This controls which directories contain server scripts. > # ScriptAliases are essentially the same as Aliases, except that > # documents in the realname directory are treated as applications and > # run by the server when requested rather than as documents sent to the > client. > # The same rules about trailing "/" apply to ScriptAlias directives as to > # Alias. > # > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" > > # > # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased > # CGI directory exists, if you have that configured. > # > <Directory "/var/www/cgi-bin"> > AllowOverride None > Options None > Order allow,deny > Allow from all > </Directory> > > # > # Redirect allows you to tell clients about documents which used to exist > in > # your server's namespace, but do not anymore. This allows you to tell the > # clients where to look for the relocated document. > # Format: Redirect old-URI new-URL > # > > # > # Directives controlling the display of server-generated directory > listings. > # > > # > # FancyIndexing is whether you want fancy directory indexing or standard > # > IndexOptions FancyIndexing > > # > # AddIcon* directives tell the server which icon to show for different > # files or filename extensions. These are only displayed for > # FancyIndexed directories. > # > AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip > > AddIconByType (TXT,/icons/text.gif) text/* > AddIconByType (IMG,/icons/image2.gif) image/* > AddIconByType (SND,/icons/sound2.gif) audio/* > AddIconByType (VID,/icons/movie.gif) video/* > > AddIcon /icons/binary.gif .bin .exe > AddIcon /icons/binhex.gif .hqx > AddIcon /icons/tar.gif .tar > AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv > AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip > AddIcon /icons/a.gif .ps .ai .eps > AddIcon /icons/layout.gif .html .shtml .htm .pdf > AddIcon /icons/text.gif .txt > AddIcon /icons/c.gif .c > AddIcon /icons/p.gif .pl .py > AddIcon /icons/f.gif .for > AddIcon /icons/dvi.gif .dvi > AddIcon /icons/uuencoded.gif .uu > AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl > AddIcon /icons/tex.gif .tex > AddIcon /icons/bomb.gif core > > AddIcon /icons/back.gif .. > AddIcon /icons/hand.right.gif README > AddIcon /icons/folder.gif ^^DIRECTORY^^ > AddIcon /icons/blank.gif ^^BLANKICON^^ > > # > # DefaultIcon is which icon to show for files which do not have an icon > # explicitly set. > # > DefaultIcon /icons/unknown.gif > > # > # AddDescription allows you to place a short description after a file in > # server-generated indexes. These are only displayed for FancyIndexed > # directories. > # Format: AddDescription "description" filename > # > #AddDescription "GZIP compressed document" .gz > #AddDescription "tar archive" .tar > #AddDescription "GZIP compressed tar archive" .tgz > > # > # ReadmeName is the name of the README file the server will look for by > # default, and append to directory listings. > # > # HeaderName is the name of a file which should be prepended to > # directory indexes. > # > # The server will first look for name.html and include it if found. > # If name.html doesn't exist, the server will then look for name.txt > # and include it as plaintext if found. > # > ReadmeName README > HeaderName HEADER > > # > # IndexIgnore is a set of filenames which directory indexing should ignore > # and not include in the listing. Shell-style wildcarding is permitted. > # > IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t > > # > # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) > uncompress > # information on the fly. Note: Not all browsers support this. > # Despite the name similarity, the following Add* directives have nothing > # to do with the FancyIndexing customization directives above. > # > AddEncoding x-compress Z > AddEncoding x-gzip gz > > # > # AddLanguage allows you to specify the language of a document. You can > # then use content negotiation to give a browser a file in a language > # it can understand. Note that the suffix does not have to be the same > # as the language keyword --- those with documents in Polish (whose > # net-standard language code is pl) may wish to use "AddLanguage pl .po" > # to avoid the ambiguity with the common suffix for perl scripts. > # > AddLanguage en .en > AddLanguage fr .fr > AddLanguage de .de > AddLanguage da .da > AddLanguage el .el > AddLanguage it .it > > # > # LanguagePriority allows you to give precedence to some languages > # in case of a tie during content negotiation. > # Just list the languages in decreasing order of preference. > # > LanguagePriority en fr de > > # > # AddType allows you to tweak mime.types without actually editing it, or to > # make certain files to be certain types. > # > # For example, the PHP module (not part of the Apache distribution) > # will typically use: > # > AddType application/x-httpd-php .php > > # > # AddHandler allows you to map certain file extensions to "handlers", > # actions unrelated to filetype. These can be either built into the server > # or added with the Action command (see below) > # > # If you want to use server side includes, or CGI outside > # ScriptAliased directories, uncomment the following lines. > # > # To use CGI scripts: > # > #AddHandler cgi-script .cgi > > # > # To use server-parsed HTML files > # > #AddType text/html .shtml > #AddHandler server-parsed .shtml > > # > # Uncomment the following line to enable Apache's send-asis HTTP file > # feature > # > #AddHandler send-as-is asis > > # > # If you wish to use server-parsed imagemap files, use > # > #AddHandler imap-file map > > # > # To enable type maps, you might want to use > # > #AddHandler type-map var > > # > # Action lets you define media types that will execute a script whenever > # a matching file is called. This eliminates the need for repeated URL > # pathnames for oft-used CGI file processors. > # Format: Action media/type /cgi-script/location > # Format: Action handler-name /cgi-script/location > # > > # > # MetaDir: specifies the name of the directory in which Apache can find > # meta information files. These files contain additional HTTP headers > # to include when sending the document > # > #MetaDir .web > > # > # MetaSuffix: specifies the file name suffix for the file containing the > # meta information. > # > #MetaSuffix .meta > > # > # Customizable error response (Apache style) > # these come in three flavors > # > # 1) plain text > #ErrorDocument 500 "The server made a boo boo. > # n.b. the (") marks it as text, it does not get output > # > # 2) local redirects > #ErrorDocument 404 /missing.html > # to redirect to local URL /missing.html > #ErrorDocument 404 /cgi-bin/missing_handler.pl > # N.B.: You can redirect to a script or a document using > server-side-includes. > # > # 3) external redirects > #ErrorDocument 402 http://some.other_server.com/subscription_info.html > # N.B.: Many of the environment variables associated with the original > # request will *not* be available to such a script. > > # > # The following directives modify normal HTTP response behavior. > # The first directive disables keepalive for Netscape 2.x and browsers that > # spoof it. There are known problems with these browser implementations. > # The second directive is for Microsoft Internet Explorer 4.0b2 > # which has a broken HTTP/1.1 implementation and does not properly > # support keepalive when it is used on 301 or 302 (redirect) responses. > # > BrowserMatch "Mozilla/2" nokeepalive > BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 > > # > # The following directive disables HTTP/1.1 responses to browsers which > # are in violation of the HTTP/1.0 spec by not being able to grok a > # basic 1.1 response. > # > BrowserMatch "RealPlayer 4\.0" force-response-1.0 > BrowserMatch "Java/1\.0" force-response-1.0 > BrowserMatch "JDK/1\.0" force-response-1.0 > > # > # Allow server status reports, with the URL of > http://servername/server-status > # Change the ".your_domain.com" to match your domain to enable. By > default we > # allow server-status requests from 127.0.0.1 to make apachectl's status > and > # fullstatus commands work. > # > <Location /server-status> > SetHandler server-status > Order deny,allow > Deny from all > Allow from 127.0.0.1 > # Allow from .your_domain.com > </Location> > > # > # Allow remote server configuration reports, with the URL of > # http://servername/server-info (requires that mod_info.c be loaded). > # Change the ".your_domain.com" to match your domain to enable. > # > #<Location /server-info> > # SetHandler server-info > # Order deny,allow > # Deny from all > # Allow from .your_domain.com > #</Location> > > # > # There have been reports of people trying to abuse an old bug from pre-1.1 > # days. This bug involved a CGI script distributed as a part of Apache. > # By uncommenting these lines you can redirect these attacks to a logging > # script on phf.apache.org. Or, you can record them yourself, using the > script > # support/phf_abuse_log.cgi. > # > #<Location /cgi-bin/phf*> > # Deny from all > # ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi > #</Location> > > # > # Proxy Server directives. Uncomment the following lines to > # enable the proxy server: > # > #<IfModule mod_proxy.c> > #ProxyRequests On > # > #<Directory proxy:*> > # Order deny,allow > # Deny from all > # Allow from .your_domain.com > #</Directory> > > # > # Enable/disable the handling of HTTP/1.1 "Via:" headers. > # ("Full" adds the server version; "Block" removes all outgoing Via: > headers) > # Set to one of: Off | On | Full | Block > # > #ProxyVia On > > # > # To enable the cache as well, edit and uncomment the following lines: > # (no cacheing without CacheRoot) > # > #CacheRoot "/var/www/proxy" > #CacheSize 5 > #CacheGcInterval 4 > #CacheMaxExpire 24 > #CacheLastModifiedFactor 0.1 > #CacheDefaultExpire 1 > #NoCache a_domain.com another_domain.edu joes.garage_sale.com > > #</IfModule> > # End of proxy directives. > > ### Section 3: Virtual Hosts > # > # VirtualHost: If you want to maintain multiple domains/hostnames on your > # machine you can setup VirtualHost containers for them. > # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/> > # for further details before you try to setup virtual hosts. > # You may use the command line option '-S' to verify your virtual host > # configuration. > > # > # If you want to use name-based virtual hosts you need to define at > # least one IP address (and port number) for them. > # > #NameVirtualHost 12.34.56.78:80 > #NameVirtualHost 12.34.56.78 > > # > # VirtualHost example: > # Almost any Apache directive may go into a VirtualHost container. > # > #<VirtualHost ip.address.of.host.some_domain.com> > # ServerAdmin webmaster@host.some_domain.com > # DocumentRoot /www/docs/host.some_domain.com > # ServerName host.some_domain.com > # ErrorLog logs/host.some_domain.com-error_log > # CustomLog logs/host.some_domain.com-access_log common > #</VirtualHost> > > #<VirtualHost _default_:*> > #</VirtualHost> > > > ## > ## SSL Global Context > ## > ## All SSL configuration in this context applies both to > ## the main server and all SSL-enabled virtual hosts. > ## > > # > # Some MIME-types for downloading Certificates and CRLs > # > <IfDefine SSL> > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl .crl > </IfDefine> > > <IfModule mod_ssl.c> > > # Pass Phrase Dialog: > # Configure the pass phrase gathering process. > # The filtering dialog program (`builtin' is a internal > # terminal dialog) has to provide the pass phrase on stdout. > SSLPassPhraseDialog builtin > > # Inter-Process Session Cache: > # Configure the SSL Session Cache: First either `none' > # or `dbm:/path/to/file' for the mechanism to use and > # second the expiring timeout (in seconds). > SSLSessionCache dbm:logs/ssl_scache > SSLSessionCacheTimeout 300 > > # Semaphore: > # Configure the path to the mutual exclusion semaphore the > # SSL engine uses internally for inter-process synchronization. > SSLMutex sem > > # Pseudo Random Number Generator (PRNG): > # Configure one or more sources to seed the PRNG of the > # SSL library. The seed data should be of good random quality. > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > #SSLRandomSeed startup file:/dev/random 512 > #SSLRandomSeed startup file:/dev/urandom 512 > #SSLRandomSeed connect file:/dev/random 512 > #SSLRandomSeed connect file:/dev/urandom 512 > SSLRandomSeed startup file:/dev/arandom 512 > > # Logging: > # The home of the dedicated SSL protocol logfile. Errors are > # additionally duplicated in the general error log file. Put > # this somewhere where it cannot be used for symlink attacks on > # a real server (i.e. somewhere where only root can write). > # Log levels are (ascending order: higher ones include lower ones): > # none, error, warn, info, trace, debug. > SSLLog logs/ssl_engine_log > SSLLogLevel info > > </IfModule> > > NameVirtualHost 208.79.92.130:443 > NameVirtualHost 127.0.0.1:443 > <VirtualHost *:443> > DocumentRoot "/var/www/sites/secusrvr.com" > ServerName secusrvr.com > # SSL Engine Switch: > # Enable/Disable SSL for this virtual host. > SSLEngine on > > # SSL Cipher Suite: > # List the ciphers that the client is permitted to negotiate. > # See the mod_ssl documentation for a complete list. > #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > # Server Certificate: > # Point SSLCertificateFile at a PEM encoded certificate. If > # the certificate is encrypted, then you will be prompted for a > # pass phrase. Note that a kill -HUP will prompt again. A test > # certificate can be generated with `make certificate' under > # built time. > SSLCertificateFile /etc/ssl/private/secusrvr.com.crt > > # Server Private Key: > # If the key is not combined with the certificate, use this > # directive to point at the key file. > SSLCertificateKeyFile /etc/ssl/private/server.key > > # Certificate Authority (CA): > # Set the CA certificate verification path where to find CA > # certificates for client authentication or alternatively one > # huge file containing all of them (file must be PEM encoded) > # Note: Inside SSLCACertificatePath you need hash symlinks > # to point to the certificate files. Use the provided > # Makefile to update the hash symlinks after changes. > #SSLCACertificatePath /var/www/conf/ssl.crt > #SSLCACertificateFile /var/www/conf/ssl.crt/ca-bundle.crt > SSLCACertificateFile /etc/ssl/private/gd_bundle.crt > # Client Authentication (Type): > # Client certificate verification type and depth. Types are > # none, optional, require and optional_no_ca. Depth is a > # number which specifies how deeply to verify the certificate > # issuer chain before deciding the certificate is not valid. > #SSLVerifyClient require > #SSLVerifyDepth 10 > > # Access Control: > # With SSLRequire you can do per-directory access control based > # on arbitrary complex boolean expressions containing server > # variable checks and other lookup directives. The syntax is a > # mixture between C and Perl. See the mod_ssl documentation > # for more details. > #<Location /> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ > #</Location> > > # SSL Engine Options: > # Set various options for the SSL engine. > # FakeBasicAuth: > # Translate the client X.509 into a Basic Authorisation. This means > that > # the standard Auth/DBMAuth methods can be used for access control. > The > # user name is the `one line' version of the client's X.509 > certificate. > # Note that no password is obtained from the user. Every entry in the > user > # file needs this password: `xxj31ZMTZzkVA'. > # ExportCertData: > # This exports two additional environment variables: SSL_CLIENT_CERT > and > # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the > # server (always existing) and the client (only existing when client > # authentication is used). This can be used to import the certificates > # into CGI scripts. > # CompatEnvVars: > # This exports obsolete environment variables for backward > compatibility > # to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use > this > # to provide compatibility to existing CGI scripts. > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars > > # Per-Server Logging: > # The home of a custom SSL log file. Use this when you want a > # compact non-error SSL logfile on a virtual host basis. > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > <Directory "/var/www/sites/secusrvr.com"> > allow from all > Options +Indexes > AllowOverride All > </Directory> > > > </VirtualHost> > > NameVirtualHost 208.79.92.130:80 > NameVirtualHost 127.0.0.1:80 > <VirtualHost *:80> > DocumentRoot "/var/www/sites/johntate.org" > ServerName johntate.org > > <Directory "/var/www/sites/johntate.org"> > allow from all > Options +Indexes > AllowOverride All > </Directory> > </VirtualHost> > > NameVirtualHost 208.79.92.130:80 > NameVirtualHost 127.0.0.1:80 > <VirtualHost *:80> > DocumentRoot "/var/www/sites/www.johntate.org" > ServerName www.johntate.org > > <Directory "/var/www/sites/www.johntate.org"> > allow from all > Options +Indexes > AllowOverride All > </Directory> > </VirtualHost> > > NameVirtualHost 208.79.92.130:80 > NameVirtualHost 127.0.0.1:80 > <VirtualHost *:80> > DocumentRoot "/var/www/sites/www.secusrvr.com" > ServerName www.secusrvr.com > > <Directory "/var/www/sites/www.seucsrvr.com"> > allow from all > Options +Indexes > AllowOverride All > </Directory> > </VirtualHost> > > > -- > www.johntate.org > -- www.johntate.org