DirectoryIndex index.php index.html
AddDefaultCharset utf-8

ServerRoot "/usr/lib64/apache2"
ServerAdmin worm2fed@mail.ru
ServerName deimos

DocumentRoot "/home/worm2fed/server/html"


<Directory />
	Options -Indexes FollowSymLinks
	AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory "/home/worm2fed/server/html">
	Options -Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
	DirectoryIndex index.php index.html index.htm index.pl
</IfModule>

ErrorLog "/home/worm2fed/server/logs/error.log"
LogLevel warn

<IfModule log_config_module>
	LogFormat "%v: %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	LogFormat "%v: %h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
	LogFormat "%v: %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
	CustomLog "/home/worm2fed/server/logs/queries.log" combined
</IfModule>

	AddType application/x-httpd-php .php 
	AddType application/x-httpd-php .phtml
	AddType application/x-httpd-php-source .phps

ErrorDocument 400 "/home/worm2fed/server/conf/err/HTTP_BAD_REQUEST.html"
ErrorDocument 401 "/home/worm2fed/server/conf/err/HTTP_UNAUTHORIZED.html"
ErrorDocument 403 "/home/worm2fed/server/conf/err/HTTP_FORBIDDEN.html"
ErrorDocument 404 "/home/worm2fed/server/conf/err/HTTP_NOT_FOUND.html"
ErrorDocument 405 "/home/worm2fed/server/conf/err/HTTP_METHOD_NOT_ALLOWED.html"
ErrorDocument 408 "/home/worm2fed/server/conf/err/HTTP_REQUEST_TIME_OUT.html"
ErrorDocument 410 "/home/worm2fed/server/conf/err/HTTP_GONE.html"
ErrorDocument 411 "/home/worm2fed/server/conf/err/HTTP_LENGTH_REQUIRED.html"
ErrorDocument 412 "/home/worm2fed/server/conf/err/HTTP_PRECONDITION_FAILED.html"
ErrorDocument 413 "/home/worm2fed/server/conf/err/HTTP_REQUEST_ENTITY_TOO_LARGE.html"
ErrorDocument 414 "/home/worm2fed/server/conf/err/HTTP_REQUEST_URI_TOO_LARGE.html"
ErrorDocument 415 "/home/worm2fed/server/conf/err/HTTP_UNSUPPORTED_MEDIA_TYPE.html"
ErrorDocument 500 "/home/worm2fed/server/conf/err/HTTP_INTERNAL_SERVER_ERROR.html"
ErrorDocument 501 "/home/worm2fed/server/conf/err/HTTP_NOT_IMPLEMENTED.html"
ErrorDocument 502 "/home/worm2fed/server/conf/err/HTTP_BAD_GATEWAY.html"
ErrorDocument 503 "/home/worm2fed/server/conf/err/HTTP_SERVICE_UNAVAILABLE.html"
ErrorDocument 506 "/home/worm2fed/server/conf/err/HTTP_VARIANT_ALSO_VARIES.html"

<VirtualHost localhost:80>
	DocumentRoot "/home/worm2fed/server/html/localhost/www/"
	ServerName "localhost"
	ServerAlias "localhost" "www.localhost"
  <IfModule alias_module>
	ScriptAlias /cgi-bin/ "/home/worm2fed/server/html/localhost/www/cgi-bin/"
  </IfModule>
</VirtualHost>

<IfModule ssl_module>
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
</IfModule>

AccessFileName .htaccess

<Files .htaccess>
	Order deny,allow
	Allow from all
	Satisfy all
</Files>

UseCanonicalName On

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
<IfDefine AUTHNZ_LDAP>
	LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
</IfDefine>
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
	LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
<IfDefine DAV>
	LoadModule dav_module modules/mod_dav.so
</IfDefine>
<IfDefine DAV>
	LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>
<IfDefine DAV>
	LoadModule dav_lock_module modules/mod_dav_lock.so
</IfDefine>
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
	LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
	LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
	LoadModule info_module modules/mod_info.so
</IfDefine>
<IfDefine LDAP>
	LoadModule ldap_module modules/mod_ldap.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
	LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
	LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine STATUS>
	LoadModule status_module modules/mod_status.so
</IfDefine>
#LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
	LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

PHPINIDir "/etc/php/apache2-php5.3/"
LoadModule php5_module "/usr/lib64/php5.3/apache2/libphp5.so"

	User worm2fed
	Group apache
	ServerTokens Prod 
	ServerSignature Off 
	Timeout 45 

Include /etc/apache2/modules.d/*.conf
Include /etc/apache2/vhosts.d/*.conf

worm2fed@deimos / $ ls /etc/apache2/vhosts.d/*.conf
/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
/etc/apache2/vhosts.d/00_default_vhost.conf
worm2fed@deimos / $ 

worm2fed@deimos / $ less /etc/apache2/vhosts.d/00_default_vhost.conf 

# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
        ServerName localhost
        Include /etc/apache2/vhosts.d/default_vhost.include

        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>
</VirtualHost>
</IfDefine>

# vim: ts=4 filetype=apache

worm2fed@deimos / $ 

worm2fed@deimos / $ less /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
# see bug #178966 why this is in here

# When we also provide SSL we have to listen to the HTTPS port
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
Listen 443

<VirtualHost _default_:443>
        ServerName localhost
        Include /etc/apache2/vhosts.d/default_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log

        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>

        ## SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        ## SSL Cipher Suite:
        # List the ciphers that the client is permitted to negotiate.
        # See the mod_ssl documentation for a complete list.
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        ## Server Certificate:
        # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
        # is encrypted, then you will be prompted for a pass phrase. Note that a 
        # kill -HUP will prompt again. Keep in mind that if you have both an RSA
        # and a DSA certificate you can configure both in parallel (to also allow
        # the use of DSA ciphers, etc.)
        SSLCertificateFile /etc/ssl/apache2/server.crt

        ## Server Private Key:
        # If the key is not combined with the certificate, use this directive to
        # point at the key file. Keep in mind that if you've both a RSA and a DSA
        # private key you can configure both in parallel (to also allow the use of
        # DSA ciphers, etc.)
SSLCertificateKeyFile /etc/ssl/apache2/server.key

        ## Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the concatenation of 
        # PEM encoded CA certificates which form the certificate chain for the
        # server certificate. Alternatively the referenced file can be the same as
        # SSLCertificateFile when the CA certificates are directly appended to the
        # server certificate for convinience.
        #SSLCertificateChainFile /etc/ssl/apache2/ca.crt

        ## Certificate Authority (CA):
        # Set the CA certificate verification path where to find CA certificates
        # for client authentication or alternatively one huge file containing all
        # of them (file must be PEM encoded).
        # Note: Inside SSLCACertificatePath you need hash symlinks to point to the
        # certificate files. Use the provided Makefile to update the hash symlinks
        # after changes.
        #SSLCACertificatePath /etc/ssl/apache2/ssl.crt
        #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt
## Certificate Revocation Lists (CRL):
        # Set the CA revocation path where to find CA CRLs for client authentication
        # or alternatively one huge file containing all of them (file must be PEM 
        # encoded).
        # Note: Inside SSLCARevocationPath you need hash symlinks to point to the
        # certificate files. Use the provided Makefile to update the hash symlinks
        # after changes.
        #SSLCARevocationPath /etc/ssl/apache2/ssl.crl
        #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl

        ## Client Authentication (Type):
        # Client certificate verification type and depth. Types are none, optional,
        # require and optional_no_ca. Depth is a number which specifies how deeply
        # to verify the certificate issuer chain before deciding the certificate is
# not valid.
        #SSLVerifyClient require
        #SSLVerifyDepth  10

        ## Access Control:
        # With SSLRequire you can do per-directory access control based on arbitrary
        # complex boolean expressions containing server variable checks and other
        # lookup directives. The syntax is a mixture between C and Perl. See the
        # mod_ssl documentation for more details.
        #<Location />
        #       #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
        #       and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
        #       and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
        #       and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
        #       and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
        #       or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
        #</Location>
## SSL Engine Options:
        # Set various options for the SSL engine.

        ## FakeBasicAuth:
        # Translate the client X.509 into a Basic Authorisation. This means that the
        # standard Auth/DBMAuth methods can be used for access control. The user 
        # name is the `one line' version of the client's X.509 certificate. 
        # Note that no password is obtained from the user. Every entry in the user 
        # file needs this password: `xxj31ZMTZzkVA'.

        ## ExportCertData:
        # This exports two additional environment variables: SSL_CLIENT_CERT and 
        # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
        # (always existing) and the client (only existing when client 
        # authentication is used). This can be used to import the certificates into
# CGI scripts.

        ## StdEnvVars:
        # This exports the standard SSL/TLS related `SSL_*' environment variables. 
        # Per default this exportation is switched off for performance reasons, 
        # because the extraction step is an expensive operation and is usually 
        # useless for serving static content. So one usually enables the exportation
        # for CGI and SSI requests only.

        ## StrictRequire:
        # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
        # a "Satisfy any" situation, i.e. when it applies access is denied and no
        # other module can change it.
## OptRenegotiate:
        # This enables optimized SSL connection renegotiation handling when SSL 
        # directives are used in per-directory context.
        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>

        ## SSL Protocol Adjustments:
        # The safe and default but still SSL/TLS standard compliant shutdown
        # approach is that mod_ssl sends the close notify alert but doesn't wait
        # for the close notify alert from client. When you need a different
        # shutdown approach you can use one of the following variables:
## ssl-unclean-shutdown:
        # This forces an unclean shutdown when the connection is closed, i.e. no
        # SSL close notify alert is send or allowed to received.  This violates the
        # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
        # you receive I/O errors because of the standard approach where mod_ssl
        # sends the close notify alert.

        ## ssl-accurate-shutdown:
        # This forces an accurate shutdown when the connection is closed, i.e. a
        # SSL close notify alert is send and mod_ssl waits for the close notify
        # alert of the client. This is 100% SSL/TLS standard compliant, but in
        # practice often causes hanging connections with brain-dead browsers. Use
        # this only for browsers where you know that their SSL implementation works
# correctly. 
        # Notice: Most problems of broken clients are also related to the HTTP 
        # keep-alive facility, so you usually additionally want to disable 
        # keep-alive for those clients, too. Use variable "nokeepalive" for this.
        # Similarly, one has to force some clients to use HTTP/1.0 to workaround
        # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        # "force-response-1.0" for this.
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>

        ## Per-Server Logging:
        # The home of a custom SSL log file. Use this when you want a compact 
        # non-error SSL logfile on a virtual host basis.
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>

# vim: ts=4 filetype=apache

worm2fed@deimos / $ 

worm2fed@deimos / $ less /etc/apache2/vhosts.d/default_vhost.include 

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
ServerAdmin root@localhost

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# If you change this to something that isn't under /var/www then suexec
# will no longer work.
DocumentRoot "/var/www/localhost/htdocs"

# This should be changed to whatever you set DocumentRoot to.
<Directory "/var/www/localhost/htdocs">
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
#
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        Options Indexes FollowSymLinks

        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        AllowOverride All
# Controls who can get stuff from this server.
        Order allow,deny
        Allow from all
</Directory>

<IfModule alias_module>
        # Redirect: Allows you to tell clients about documents that used to
        # exist in your server's namespace, but do not anymore. The client
        # will make a new request for the document at its new location.
        # Example:
        #   Redirect permanent /foo http://www.example.com/bar

        # Alias: Maps web paths into filesystem paths and is used to
        # access content that does not live under the DocumentRoot.
        # Example:
        #   Alias /webpath /full/filesystem/path
        #
        # If you include a trailing / on /webpath then the server will
        # require it to be present in the URL.  You will also likely
        # need to provide a <Directory> section to allow access to
        # the filesystem path.

        # ScriptAlias: This controls which directories contain server scripts.
        # ScriptAliases are essentially the same as Aliases, except that
        # documents in the target directory are treated as applications and
        # run by the server when requested rather than as documents sent to the
        # client.  The same rules about trailing "/" apply to ScriptAlias
        # directives as to Alias.
        ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>
# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/var/www/localhost/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>

# vim: ts=4 filetype=apache
worm2fed@deimos / $