apache.conf.in 4.8 KB
Newer Older
1 2 3 4 5
# Apache configuration file for Zope
# Automatically generated

# Basic server configuration
PidFile "{{ pid_file }}"
6
ServerName {{ domain }}
7 8 9
DocumentRoot {{ document_root }}
ServerRoot {{ instance_home }}

10
{% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
{%   for port in (http_port, https_port) -%}
{{ "Listen %s:%s" % (ip, port)  }}
{%   endfor -%}
{% endfor -%}

ServerAdmin {{ server_admin }}
DefaultType text/plain
TypesConfig {{ httpd_home }}/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER

ServerTokens Prod

# Log configuration
ErrorLog "{{ error_log }}"
29
LogLevel info
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
# CustomLog "{{ access_log }}" common
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined

<Directory {{ protected_path }}>
  Order Deny,Allow
  Allow from {{ access_control_string }}
</Directory>

<Directory {{ document_root }}>
  Order Allow,Deny
  Allow from All
</Directory>

# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so

# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

# Cache directives
CacheEnable mem /
CacheDefaultExpire 3600
MCacheSize 8192
MCacheMaxObjectCount 1000
MCacheMaxObjectSize 8192
MCacheRemovalAlgorithm LRU

# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# SSL Configuration
SSLCertificateFile {{ login_certificate }}
SSLCertificateKeyFile {{ login_key }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
<FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
</FilesMatch>
# Accept proxy to sites using self-signed SSL certificates
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

NameVirtualHost *:{{ http_port }}
NameVirtualHost *:{{ https_port }}
include {{ slave_configuration_directory }}/*.conf