maybe chmod 0644 'aliases.db'
maybe chmod 0755 'alternatives'
maybe chmod 0644 'alternatives/README'
+maybe chmod 0755 'apache2'
+maybe chmod 0644 'apache2/apache2.conf'
+maybe chmod 0755 'apache2/conf-available'
+maybe chmod 0644 'apache2/conf-available/charset.conf'
+maybe chmod 0644 'apache2/conf-available/localized-error-pages.conf'
+maybe chmod 0644 'apache2/conf-available/other-vhosts-access-log.conf'
+maybe chmod 0644 'apache2/conf-available/security.conf'
+maybe chmod 0644 'apache2/conf-available/serve-cgi-bin.conf'
+maybe chmod 0755 'apache2/conf-enabled'
+maybe chmod 0644 'apache2/envvars'
+maybe chmod 0644 'apache2/magic'
+maybe chmod 0755 'apache2/mods-available'
+maybe chmod 0644 'apache2/mods-available/access_compat.load'
+maybe chmod 0644 'apache2/mods-available/actions.conf'
+maybe chmod 0644 'apache2/mods-available/actions.load'
+maybe chmod 0644 'apache2/mods-available/alias.conf'
+maybe chmod 0644 'apache2/mods-available/alias.load'
+maybe chmod 0644 'apache2/mods-available/allowmethods.load'
+maybe chmod 0644 'apache2/mods-available/asis.load'
+maybe chmod 0644 'apache2/mods-available/auth_basic.load'
+maybe chmod 0644 'apache2/mods-available/auth_digest.load'
+maybe chmod 0644 'apache2/mods-available/auth_form.load'
+maybe chmod 0644 'apache2/mods-available/authn_anon.load'
+maybe chmod 0644 'apache2/mods-available/authn_core.load'
+maybe chmod 0644 'apache2/mods-available/authn_dbd.load'
+maybe chmod 0644 'apache2/mods-available/authn_dbm.load'
+maybe chmod 0644 'apache2/mods-available/authn_file.load'
+maybe chmod 0644 'apache2/mods-available/authn_socache.load'
+maybe chmod 0644 'apache2/mods-available/authnz_fcgi.load'
+maybe chmod 0644 'apache2/mods-available/authnz_ldap.load'
+maybe chmod 0644 'apache2/mods-available/authz_core.load'
+maybe chmod 0644 'apache2/mods-available/authz_dbd.load'
+maybe chmod 0644 'apache2/mods-available/authz_dbm.load'
+maybe chmod 0644 'apache2/mods-available/authz_groupfile.load'
+maybe chmod 0644 'apache2/mods-available/authz_host.load'
+maybe chmod 0644 'apache2/mods-available/authz_owner.load'
+maybe chmod 0644 'apache2/mods-available/authz_user.load'
+maybe chmod 0644 'apache2/mods-available/autoindex.conf'
+maybe chmod 0644 'apache2/mods-available/autoindex.load'
+maybe chmod 0644 'apache2/mods-available/brotli.load'
+maybe chmod 0644 'apache2/mods-available/buffer.load'
+maybe chmod 0644 'apache2/mods-available/cache.load'
+maybe chmod 0644 'apache2/mods-available/cache_disk.conf'
+maybe chmod 0644 'apache2/mods-available/cache_disk.load'
+maybe chmod 0644 'apache2/mods-available/cache_socache.load'
+maybe chmod 0644 'apache2/mods-available/cern_meta.load'
+maybe chmod 0644 'apache2/mods-available/cgi.load'
+maybe chmod 0644 'apache2/mods-available/cgid.conf'
+maybe chmod 0644 'apache2/mods-available/cgid.load'
+maybe chmod 0644 'apache2/mods-available/charset_lite.load'
+maybe chmod 0644 'apache2/mods-available/data.load'
+maybe chmod 0644 'apache2/mods-available/dav.load'
+maybe chmod 0644 'apache2/mods-available/dav_fs.conf'
+maybe chmod 0644 'apache2/mods-available/dav_fs.load'
+maybe chmod 0644 'apache2/mods-available/dav_lock.load'
+maybe chmod 0644 'apache2/mods-available/dbd.load'
+maybe chmod 0644 'apache2/mods-available/deflate.conf'
+maybe chmod 0644 'apache2/mods-available/deflate.load'
+maybe chmod 0644 'apache2/mods-available/dialup.load'
+maybe chmod 0644 'apache2/mods-available/dir.conf'
+maybe chmod 0644 'apache2/mods-available/dir.load'
+maybe chmod 0644 'apache2/mods-available/dump_io.load'
+maybe chmod 0644 'apache2/mods-available/echo.load'
+maybe chmod 0644 'apache2/mods-available/env.load'
+maybe chmod 0644 'apache2/mods-available/expires.load'
+maybe chmod 0644 'apache2/mods-available/ext_filter.load'
+maybe chmod 0644 'apache2/mods-available/file_cache.load'
+maybe chmod 0644 'apache2/mods-available/filter.load'
+maybe chmod 0644 'apache2/mods-available/headers.load'
+maybe chmod 0644 'apache2/mods-available/heartbeat.load'
+maybe chmod 0644 'apache2/mods-available/heartmonitor.load'
+maybe chmod 0644 'apache2/mods-available/http2.conf'
+maybe chmod 0644 'apache2/mods-available/http2.load'
+maybe chmod 0644 'apache2/mods-available/ident.load'
+maybe chmod 0644 'apache2/mods-available/imagemap.load'
+maybe chmod 0644 'apache2/mods-available/include.load'
+maybe chmod 0644 'apache2/mods-available/info.conf'
+maybe chmod 0644 'apache2/mods-available/info.load'
+maybe chmod 0644 'apache2/mods-available/lbmethod_bybusyness.load'
+maybe chmod 0644 'apache2/mods-available/lbmethod_byrequests.load'
+maybe chmod 0644 'apache2/mods-available/lbmethod_bytraffic.load'
+maybe chmod 0644 'apache2/mods-available/lbmethod_heartbeat.load'
+maybe chmod 0644 'apache2/mods-available/ldap.conf'
+maybe chmod 0644 'apache2/mods-available/ldap.load'
+maybe chmod 0644 'apache2/mods-available/log_debug.load'
+maybe chmod 0644 'apache2/mods-available/log_forensic.load'
+maybe chmod 0644 'apache2/mods-available/lua.load'
+maybe chmod 0644 'apache2/mods-available/macro.load'
+maybe chmod 0644 'apache2/mods-available/md.load'
+maybe chmod 0644 'apache2/mods-available/mime.conf'
+maybe chmod 0644 'apache2/mods-available/mime.load'
+maybe chmod 0644 'apache2/mods-available/mime_magic.conf'
+maybe chmod 0644 'apache2/mods-available/mime_magic.load'
+maybe chmod 0644 'apache2/mods-available/mpm_event.conf'
+maybe chmod 0644 'apache2/mods-available/mpm_event.load'
+maybe chmod 0644 'apache2/mods-available/mpm_prefork.conf'
+maybe chmod 0644 'apache2/mods-available/mpm_prefork.load'
+maybe chmod 0644 'apache2/mods-available/mpm_worker.conf'
+maybe chmod 0644 'apache2/mods-available/mpm_worker.load'
+maybe chmod 0644 'apache2/mods-available/negotiation.conf'
+maybe chmod 0644 'apache2/mods-available/negotiation.load'
+maybe chmod 0644 'apache2/mods-available/proxy.conf'
+maybe chmod 0644 'apache2/mods-available/proxy.load'
+maybe chmod 0644 'apache2/mods-available/proxy_ajp.load'
+maybe chmod 0644 'apache2/mods-available/proxy_balancer.conf'
+maybe chmod 0644 'apache2/mods-available/proxy_balancer.load'
+maybe chmod 0644 'apache2/mods-available/proxy_connect.load'
+maybe chmod 0644 'apache2/mods-available/proxy_express.load'
+maybe chmod 0644 'apache2/mods-available/proxy_fcgi.load'
+maybe chmod 0644 'apache2/mods-available/proxy_fdpass.load'
+maybe chmod 0644 'apache2/mods-available/proxy_ftp.conf'
+maybe chmod 0644 'apache2/mods-available/proxy_ftp.load'
+maybe chmod 0644 'apache2/mods-available/proxy_hcheck.load'
+maybe chmod 0644 'apache2/mods-available/proxy_html.conf'
+maybe chmod 0644 'apache2/mods-available/proxy_html.load'
+maybe chmod 0644 'apache2/mods-available/proxy_http.load'
+maybe chmod 0644 'apache2/mods-available/proxy_http2.load'
+maybe chmod 0644 'apache2/mods-available/proxy_scgi.load'
+maybe chmod 0644 'apache2/mods-available/proxy_uwsgi.load'
+maybe chmod 0644 'apache2/mods-available/proxy_wstunnel.load'
+maybe chmod 0644 'apache2/mods-available/ratelimit.load'
+maybe chmod 0644 'apache2/mods-available/reflector.load'
+maybe chmod 0644 'apache2/mods-available/remoteip.load'
+maybe chmod 0644 'apache2/mods-available/reqtimeout.conf'
+maybe chmod 0644 'apache2/mods-available/reqtimeout.load'
+maybe chmod 0644 'apache2/mods-available/request.load'
+maybe chmod 0644 'apache2/mods-available/rewrite.load'
+maybe chmod 0644 'apache2/mods-available/sed.load'
+maybe chmod 0644 'apache2/mods-available/session.load'
+maybe chmod 0644 'apache2/mods-available/session_cookie.load'
+maybe chmod 0644 'apache2/mods-available/session_crypto.load'
+maybe chmod 0644 'apache2/mods-available/session_dbd.load'
+maybe chmod 0644 'apache2/mods-available/setenvif.conf'
+maybe chmod 0644 'apache2/mods-available/setenvif.load'
+maybe chmod 0644 'apache2/mods-available/slotmem_plain.load'
+maybe chmod 0644 'apache2/mods-available/slotmem_shm.load'
+maybe chmod 0644 'apache2/mods-available/socache_dbm.load'
+maybe chmod 0644 'apache2/mods-available/socache_memcache.load'
+maybe chmod 0644 'apache2/mods-available/socache_shmcb.load'
+maybe chmod 0644 'apache2/mods-available/speling.load'
+maybe chmod 0644 'apache2/mods-available/ssl.conf'
+maybe chmod 0644 'apache2/mods-available/ssl.load'
+maybe chmod 0644 'apache2/mods-available/status.conf'
+maybe chmod 0644 'apache2/mods-available/status.load'
+maybe chmod 0644 'apache2/mods-available/substitute.load'
+maybe chmod 0644 'apache2/mods-available/suexec.load'
+maybe chmod 0644 'apache2/mods-available/unique_id.load'
+maybe chmod 0644 'apache2/mods-available/userdir.conf'
+maybe chmod 0644 'apache2/mods-available/userdir.load'
+maybe chmod 0644 'apache2/mods-available/usertrack.load'
+maybe chmod 0644 'apache2/mods-available/vhost_alias.load'
+maybe chmod 0644 'apache2/mods-available/xml2enc.load'
+maybe chmod 0755 'apache2/mods-enabled'
+maybe chmod 0644 'apache2/ports.conf'
+maybe chmod 0755 'apache2/sites-available'
+maybe chmod 0644 'apache2/sites-available/000-default.conf'
+maybe chmod 0644 'apache2/sites-available/default-ssl.conf'
+maybe chmod 0755 'apache2/sites-enabled'
maybe chmod 0755 'apm'
maybe chmod 0755 'apm/event.d'
maybe chmod 0755 'apm/event.d/20hdparm'
maybe chmod 0644 'cron.d/mdadm'
maybe chmod 0755 'cron.daily'
maybe chmod 0644 'cron.daily/.placeholder'
+maybe chmod 0755 'cron.daily/apache2'
maybe chmod 0755 'cron.daily/apt-compat'
maybe chmod 0755 'cron.daily/aptitude'
maybe chmod 0755 'cron.daily/bsdmainutils'
maybe chmod 0644 'debian_version'
maybe chmod 0755 'default'
maybe chmod 0644 'default/acpid'
+maybe chmod 0644 'default/apache-htcacheclean'
maybe chmod 0644 'default/bind9'
maybe chmod 0644 'default/bsdmainutils'
maybe chmod 0644 'default/chrony'
maybe chmod 0644 'hosts.deny'
maybe chmod 0755 'init.d'
maybe chmod 0755 'init.d/acpid'
+maybe chmod 0755 'init.d/apache-htcacheclean'
+maybe chmod 0755 'init.d/apache2'
maybe chmod 0755 'init.d/atd'
maybe chmod 0755 'init.d/bind9'
maybe chmod 0755 'init.d/chrony'
maybe chmod 0644 'logrotate.conf'
maybe chmod 0755 'logrotate.d'
maybe chmod 0644 'logrotate.d/alternatives'
+maybe chmod 0644 'logrotate.d/apache2'
maybe chmod 0644 'logrotate.d/apt'
maybe chmod 0644 'logrotate.d/aptitude'
maybe chmod 0644 'logrotate.d/bind'
--- /dev/null
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+# /etc/apache2/
+# |-- apache2.conf
+# | `-- ports.conf
+# |-- mods-enabled
+# | |-- *.load
+# | `-- *.conf
+# |-- conf-enabled
+# | `-- *.conf
+# `-- sites-enabled
+# `-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+# together by including all remaining configuration files when starting up the
+# web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections which can be
+# customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+# directories contain particular configuration snippets which manage modules,
+# global configuration fragments, or virtual host configurations,
+# respectively.
+#
+# They are activated by symlinking available configuration files from their
+# respective *-available/ counterparts. These should be managed by using our
+# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+# their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
+# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+# work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+#Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+<Directory /var/www/>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#<Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+# SetHandler directive in a <Location /> context somewhere. Adding
+# the following three lines AFTER the <Location /> context should
+# make it work in most cases:
+# <Location /error/>
+# SetHandler none
+# </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+# <IfModule mod_include.c>
+# <IfModule mod_alias.c>
+#
+# Alias /error/ "/usr/share/apache2/error/"
+#
+# <Directory "/usr/share/apache2/error">
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it nl sv pt-br ro
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+# </IfModule>
+# </IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+# AllowOverride None
+# Require all denied
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+# Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<IfModule mod_alias.c>
+ <IfModule mod_cgi.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfModule mod_cgid.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfDefine ENABLE_USR_LIB_CGI_BIN>
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+ <Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ </IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../conf-available/charset.conf
\ No newline at end of file
--- /dev/null
+../conf-available/localized-error-pages.conf
\ No newline at end of file
--- /dev/null
+../conf-available/other-vhosts-access-log.conf
\ No newline at end of file
--- /dev/null
+../conf-available/security.conf
\ No newline at end of file
--- /dev/null
+../conf-available/serve-cgi-bin.conf
\ No newline at end of file
--- /dev/null
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+ SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
--- /dev/null
+# Magic data for mod_mime_magic (originally for file(1) command)
+#
+# The format is 4-5 columns:
+# Column #1: byte number to begin checking from, ">" indicates continuation
+# Column #2: type of data to match
+# Column #3: contents of data to match
+# Column #4: MIME type of result
+# Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff: file(1) magic for locally observed files
+# Add any locally observed files here.
+
+# Real Audio (Magic .ra\0375)
+0 belong 0x2e7261fd audio/x-pn-realaudio
+0 string .RMF application/vnd.rn-realmedia
+
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+# sigh, there are many mimes for that but the above are the most common.
+
+# Taken from magic, converted to magic.mime
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+# audio/it .it
+# audio/x-zipped-it .itz
+# audio/xm fasttracker modules
+# audio/x-s3m screamtracker modules
+# audio/s3m screamtracker modules
+# audio/x-zipped-mod mdz
+# audio/mod mod
+# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0 string MAS_UTrack_V00
+>14 string >/0 audio/x-mod
+#audio/x-tracker-module
+
+#0 string UN05 MikMod UNI format module sound data
+
+0 string Extended\ Module: audio/x-mod
+#audio/x-tracker-module
+##>17 string >\0 Title: "%s"
+
+21 string/c \!SCREAM! audio/x-mod
+#audio/x-screamtracker-module
+21 string BMOD2STM audio/x-mod
+#audio/x-screamtracker-module
+1080 string M.K. audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string M!K! audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT4 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT8 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string 4CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 6CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 8CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string CD81 audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+1080 string OKTA audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+# Not good enough.
+#1082 string CH
+#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
+1080 string 16CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+1080 string 32CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+
+# Impuse tracker module (it)
+0 string IMPM audio/x-mod
+#>4 string >\0 "%s"
+#>40 leshort !0 compatible w/ITv%x
+#>42 leshort !0 created w/ITv%x
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+# xml based formats!
+
+# svg
+
+0 string \<?xml
+# text/xml
+>38 string \<\!DOCTYPE\040svg image/svg+xml
+
+
+# xml
+0 string \<?xml text/xml
+
+
+#------------------------------------------------------------------------------
+# Java
+
+0 short 0xcafe
+>2 short 0xbabe application/java
+
+#------------------------------------------------------------------------------
+# audio: file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+
+>12 belong 23 audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0 lelong 0x0064732E
+>12 lelong 1 audio/x-dec-basic
+>12 lelong 2 audio/x-dec-basic
+>12 lelong 3 audio/x-dec-basic
+>12 lelong 4 audio/x-dec-basic
+>12 lelong 5 audio/x-dec-basic
+>12 lelong 6 audio/x-dec-basic
+>12 lelong 7 audio/x-dec-basic
+# compressed (G.721 ADPCM)
+>12 lelong 23 audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+# AIFF audio data
+8 string AIFF audio/x-aiff
+# AIFF-C audio data
+8 string AIFC audio/x-aiff
+# IFF/8SVX audio data
+8 string 8SVX audio/x-aiff
+
+
+
+# Creative Labs AUDIO stuff
+# Standard MIDI data
+0 string MThd audio/unknown
+#>9 byte >0 (format %d)
+#>11 byte >1 using %d channels
+# Creative Music (CMF) data
+0 string CTMF audio/unknown
+# SoundBlaster instrument data
+0 string SBI audio/unknown
+# Creative Labs voice data
+0 string Creative\ Voice\ File audio/unknown
+## is this next line right? it came this way...
+#>19 byte 0x1A
+#>23 byte >0 - version %d
+#>22 byte >0 \b.%d
+
+# [GRR 950115: is this also Creative Labs? Guessing that first line
+# should be string instead of unknown-endian long...]
+#0 long 0x4e54524b MultiTrack sound data
+#0 string NTRK MultiTrack sound data
+#>4 long x - version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+# Microsoft RIFF
+0 string RIFF
+# - WAVE format
+>8 string WAVE audio/x-wav
+>8 string/B AVI video/x-msvideo
+#
+>8 string CDRA image/x-coreldraw
+
+# AAC (aka MPEG-2 NBC)
+0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS
+0 string ADIF audio/X-HX-AAC-ADIF
+0 beshort&0xffe0 0x56e0 audio/MP4A-LATM
+0 beshort 0x4De1 audio/MP4A-LATM
+
+# MPEG Layer 3 sound files
+0 beshort&0xfffe =0xfffa audio/mpeg
+#MP3 with ID3 tag
+0 string ID3 audio/mpeg
+# Ogg/Vorbis
+0 string OggS application/ogg
+
+#------------------------------------------------------------------------------
+# c-lang: file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0 string /*\ XPM image/x-xpmi 7bit
+
+# 3DS (3d Studio files)
+#16 beshort 0x3d3d image/x-3ds
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+# C or REXX program text
+#0 string /* text/x-c
+# C++ program text
+#0 string // text/x-c++
+
+#------------------------------------------------------------------------------
+# commands: file(1) magic for various shells and interpreters
+#
+#0 string :\ shell archive or commands for antique kernel text
+0 string #!/bin/sh application/x-shellscript
+0 string #!\ /bin/sh application/x-shellscript
+0 string #!/bin/csh application/x-shellscript
+0 string #!\ /bin/csh application/x-shellscript
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0 string #!/bin/ksh application/x-shellscript
+0 string #!\ /bin/ksh application/x-shellscript
+0 string #!/bin/tcsh application/x-shellscript
+0 string #!\ /bin/tcsh application/x-shellscript
+0 string #!/usr/local/tcsh application/x-shellscript
+0 string #!\ /usr/local/tcsh application/x-shellscript
+0 string #!/usr/local/bin/tcsh application/x-shellscript
+0 string #!\ /usr/local/bin/tcsh application/x-shellscript
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0 string #!/bin/bash application/x-shellscript
+0 string #!\ /bin/bash application/x-shellscript
+0 string #!/usr/local/bin/bash application/x-shellscript
+0 string #!\ /usr/local/bin/bash application/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0 string #!/bin/zsh application/x-shellscript
+0 string #!/usr/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/zsh application/x-shellscript
+0 string #!\ /usr/local/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/ash application/x-shellscript
+0 string #!\ /usr/local/bin/ash application/x-shellscript
+#0 string #!/usr/local/bin/ae Neil Brown's ae
+#0 string #!\ /usr/local/bin/ae Neil Brown's ae
+0 string #!/bin/nawk application/x-nawk
+0 string #!\ /bin/nawk application/x-nawk
+0 string #!/usr/bin/nawk application/x-nawk
+0 string #!\ /usr/bin/nawk application/x-nawk
+0 string #!/usr/local/bin/nawk application/x-nawk
+0 string #!\ /usr/local/bin/nawk application/x-nawk
+0 string #!/bin/gawk application/x-gawk
+0 string #!\ /bin/gawk application/x-gawk
+0 string #!/usr/bin/gawk application/x-gawk
+0 string #!\ /usr/bin/gawk application/x-gawk
+0 string #!/usr/local/bin/gawk application/x-gawk
+0 string #!\ /usr/local/bin/gawk application/x-gawk
+#
+0 string #!/bin/awk application/x-awk
+0 string #!\ /bin/awk application/x-awk
+0 string #!/usr/bin/awk application/x-awk
+0 string #!\ /usr/bin/awk application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+#0 regex BEGIN[[:space:]]*[{] application/x-awk
+
+# For Larry Wall's perl language. The ``eval'' line recognizes an
+# outrageously clever hack for USG systems.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+0 string #!/bin/perl application/x-perl
+0 string #!\ /bin/perl application/x-perl
+0 string eval\ "exec\ /bin/perl application/x-perl
+0 string #!/usr/bin/perl application/x-perl
+0 string #!\ /usr/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/bin/perl application/x-perl
+0 string #!/usr/local/bin/perl application/x-perl
+0 string #!\ /usr/local/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/local/bin/perl application/x-perl
+
+#------------------------------------------------------------------------------
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+#0 string \037\235 application/x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+#0 string \037\213 application/x-gzip
+
+0 string PK\003\004 application/x-zip
+
+# RAR archiver (Greg Roelofs, newt@uchicago.edu)
+0 string Rar! application/x-rar
+
+# According to gzip.h, this is the correct byte order for packed data.
+0 string \037\036 application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0 short 017437 application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0 short 0x1fff application/octet-stream
+0 string \377\037 application/octet-stream
+# huf output
+0 short 0145405 application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats. Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+#0 leshort 0x76FF squeezed data (CP/M, DOS)
+#0 leshort 0x76FE crunched data (CP/M, DOS)
+
+# Freeze
+#0 string \037\237 Frozen file 2.1
+#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0 string \037\240 LZH compressed data
+
+257 string ustar\0 application/x-tar posix
+257 string ustar\040\040\0 application/x-tar gnu
+
+0 short 070707 application/x-cpio
+0 short 0143561 application/x-cpio swapped
+
+0 string =<ar> application/x-archive
+0 string \!<arch> application/x-archive
+>8 string debian application/x-debian-package
+
+#------------------------------------------------------------------------------
+#
+# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com)
+#
+0 beshort 0xedab
+>2 beshort 0xeedb application/x-rpm
+
+0 lelong&0x8080ffff 0x0000081a application/x-arc lzw
+0 lelong&0x8080ffff 0x0000091a application/x-arc squashed
+0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed
+0 lelong&0x8080ffff 0x0000031a application/x-arc packed
+0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed
+0 lelong&0x8080ffff 0x0000061a application/x-arc crunched
+
+0 leshort 0xea60 application/x-arj
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+2 string -lh0- application/x-lharc lh0
+2 string -lh1- application/x-lharc lh1
+2 string -lz4- application/x-lharc lz4
+2 string -lz5- application/x-lharc lz5
+# [never seen any but the last; -lh4- reported in comp.compression:]
+2 string -lzs- application/x-lha lzs
+2 string -lh\ - application/x-lha lh
+2 string -lhd- application/x-lha lhd
+2 string -lh2- application/x-lha lh2
+2 string -lh3- application/x-lha lh3
+2 string -lh4- application/x-lha lh4
+2 string -lh5- application/x-lha lh5
+2 string -lh6- application/x-lha lh6
+2 string -lh7- application/x-lha lh7
+# Shell archives
+10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell
+
+#------------------------------------------------------------------------------
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+#------------------------------------------------------------------------------
+# html: file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+#
+0 string/cB \<!DOCTYPE\ html text/html
+0 string/cb \<head text/html
+0 string/cb \<title text/html
+0 string/bc \<html text/html
+0 string \<!-- text/html
+0 string/c \<h1 text/html
+
+0 string \<?xml text/xml
+
+#------------------------------------------------------------------------------
+# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR: what the hell is this doing in here?]
+#0 string xbtoa btoa'd file
+
+# PBMPLUS
+# PBM file
+0 string P1 image/x-portable-bitmap 7bit
+# PGM file
+0 string P2 image/x-portable-greymap 7bit
+# PPM file
+0 string P3 image/x-portable-pixmap 7bit
+# PBM "rawbits" file
+0 string P4 image/x-portable-bitmap
+# PGM "rawbits" file
+0 string P5 image/x-portable-greymap
+# PPM "rawbits" file
+0 string P6 image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR: this *must* go before TIFF]
+0 string IIN1 image/x-niff
+
+# TIFF and friends
+# TIFF file, big-endian
+0 string MM image/tiff
+# TIFF file, little-endian
+0 string II image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+# ZIF image (GIF+deflate alpha)
+0 string GIF94z image/unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+# FGF image (GIF+deflate beta)
+0 string FGF95a image/unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+# PBF image (deflate compression)
+0 string PBF image/unknown
+
+# GIF
+0 string GIF image/gif
+
+# JPEG images
+0 beshort 0xffd8 image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
+0 string BM image/x-ms-bmp
+#>14 byte 12 (OS/2 1.x format)
+#>14 byte 64 (OS/2 2.x format)
+#>14 byte 40 (Windows 3.x format)
+#0 string IC icon
+#0 string PI pointer
+#0 string CI color icon
+#0 string CP color pointer
+#0 string BA bitmap array
+
+# CDROM Filesystems
+32769 string CD001 application/x-iso9660
+
+# Newer StuffIt archives (grant@netbsd.org)
+0 string StuffIt application/x-stuffit
+#>162 string >0 : %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40
+##>41 string x \b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Received: message/rfc822
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \320\317\021\340\241\261 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2 string \000\021 application/x-tex-tfm
+2 string \000\022 application/x-tex-tfm
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string \\input\ texinfo text/x-texinfo
+0 string This\ is\ Info\ file text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf text/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+# MPEG sequences
+0 belong 0x000001BA
+>4 byte &0x40 video/mp2p
+>4 byte ^0x40 video/mpeg
+0 belong 0x000001BB video/mpeg
+0 belong 0x000001B0 video/mp4v-es
+0 belong 0x000001B5 video/mp4v-es
+0 belong 0x000001B3 video/mpv
+0 belong&0xFF5FFF1F 0x47400010 video/mp2t
+0 belong 0x00000001
+>4 byte&0x1F 0x07 video/h264
+
+# FLI animation format
+0 leshort 0xAF11 video/fli
+# FLC animation format
+0 leshort 0xAF12 video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0 string MOVI video/sgi
+4 string moov video/quicktime
+4 string mdat video/quicktime
+4 string wide video/quicktime
+4 string skip video/quicktime
+4 string free video/quicktime
+4 string idsc image/x-quicktime
+4 string idat image/x-quicktime
+4 string pckg application/x-quicktime
+4 string/B jP image/jp2
+4 string ftyp
+>8 string isom video/mp4
+>8 string mp41 video/mp4
+>8 string mp42 video/mp4
+>8 string/B jp2 image/jp2
+>8 string 3gp video/3gpp
+>8 string avc1 video/3gpp
+>8 string mmp4 video/mp4
+>8 string/B M4A audio/mp4
+>8 string/B qt video/quicktime
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+# Will be maintained as part of the GDBM distribution in the future.
+# <downsj@teeny.org>
+0 belong 0x13579ace application/x-gdbm
+0 lelong 0x13579ace application/x-gdbm
+0 string GDBM application/x-gdbm
+#
+0 belong 0x061561 application/x-dbm
+#
+# Executables
+#
+0 string \177ELF
+>16 leshort 0 application/octet-stream
+>16 leshort 1 application/x-object
+>16 leshort 2 application/x-executable
+>16 leshort 3 application/x-sharedlib
+>16 leshort 4 application/x-coredump
+>16 beshort 0 application/octet-stream
+>16 beshort 1 application/x-object
+>16 beshort 2 application/x-executable
+>16 beshort 3 application/x-sharedlib
+>16 beshort 4 application/x-coredump
+#
+# DOS
+0 string MZ application/x-dosexec
+#
+# KDE
+0 string [KDE\ Desktop\ Entry] application/x-kdelnk
+0 string \#\ KDE\ Config\ File application/x-kdelnk
+# xmcd database file for kscd
+0 string \#\ xmcd text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd: file(1) magic for SysV R4 PKG Datastreams
+#
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+#PNG Image Format
+0 string \x89PNG image/png
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0 string \x8aMNG video/x-mng
+0 string \x8aJNG video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0 belong 0x0e031301 application/x-hdf
+#Hierarchical Data Format (version 5) data
+0 string \211HDF\r\n\032 application/x-hdf
+
+# Adobe Photoshop
+0 string 8BPS image/x-photoshop
+
+# Felix von Leitner <felix-file@fefe.de>
+0 string d8:announce application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0 belong 0x00001a00 application/x-123
+0 belong 0x00000200 application/x-123
+
+# MS Access database
+4 string Standard\ Jet\ DB application/msaccess
+
+## magic for XBase files
+#0 byte 0x02
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x03
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x04
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x05
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x30
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x43
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x7b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x83
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8e
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xb3
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xf5
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 leshort 0x0006 application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp: file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0 beshort 0x9900 application/pgp
+#text/PGP key security ring
+0 beshort 0x9501 application/pgp
+#text/PGP key security ring
+0 beshort 0x9500 application/pgp
+#text/PGP encrypted data
+0 beshort 0xa600 application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
+0 string -----BEGIN\040PGP\40MESSAGE- application/pgp
+0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature
+#
+# GnuPG Magic:
+#
+#
+#text/GnuPG key public ring
+0 beshort 0x9901 application/pgp
+#text/OpenPGP data
+0 beshort 0x8501 application/pgp-encrypted
+
+# flash: file(1) magic for Macromedia Flash file format
+#
+# See
+#
+# http://www.macromedia.com/software/flash/open/
+#
+0 string FWS
+>3 byte x application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+# <http://www.namazu.org/>
+#
+# 1999/08/13
+#0 string \<!--\ MHonArc text/html; x-type=mhonarc
+0 string BZh application/x-bzip2
+
+# 1999/09/09
+# VRML (suggested by Masao Takaku)
+0 string #VRML\ V1.0\ ascii model/vrml
+0 string #VRML\ V2.0\ utf8 model/vrml
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0 string DOC
+>43 byte 0x14 application/ichitaro4
+>144 string JDASH application/ichitaro4
+
+0 string DOC
+>43 byte 0x15 application/ichitaro5
+
+0 string DOC
+>43 byte 0x16 application/ichitaro6
+
+#------------------------------------------------------------------------------
+# office97: file(1) magic for MicroSoft Office files
+#
+# Contributor kenzo-:
+# Reversed-engineered MS Office magic numbers
+#
+
+#0 string \320\317\021\340\241\261\032\341
+#>48 byte 0x1B application/excel
+
+2080 string Microsoft\ Excel\ 5.0\ Worksheet application/excel
+2114 string Biff5 application/excel
+
+0 string \224\246\056 application/msword
+
+0 belong 0x31be0000 application/msword
+
+0 string PO^Q` application/msword
+
+0 string \320\317\021\340\241\261\032\341
+>546 string bjbj application/msword
+>546 string jbjb application/msword
+
+512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y application/msword
+
+2080 string Microsoft\ Word\ 6.0\ Document application/msword
+2080 string Documento\ Microsoft\ Word\ 6 application/msword
+2112 string MSWordDoc application/msword
+
+#0 string \320\317\021\340\241\261\032\341 application/powerpoint
+0 string \320\317\021\340\241\261\032\341 application/msword
+
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+
+# WinNT/WinCE PE files (Warner Losh, imp@village.org)
+#
+128 string PE\000\000 application/octet-stream
+0 string PE\000\000 application/octet-stream
+
+# miscellaneous formats
+0 string LZ application/octet-stream
+
+
+# .EXE formats (Greg Roelofs, newt@uchicago.edu)
+#
+0 string MZ
+>24 string @ application/octet-stream
+
+0 string MZ
+>30 string Copyright\ 1989-1990\ PKWARE\ Inc. application/x-zip
+
+0 string MZ
+>30 string PKLITE\ Copr. application/x-zip
+
+0 string MZ
+>36 string LHa's\ SFX application/x-lha
+
+0 string MZ application/octet-stream
+
+# LHA archiver
+2 string -lh
+>6 string - application/x-lha
+
+
+# Zoo archiver
+20 lelong 0xfdc4a7dc application/x-zoo
+
+# ARC archiver
+0 lelong&0x8080ffff 0x0000081a application/x-arc
+0 lelong&0x8080ffff 0x0000091a application/x-arc
+0 lelong&0x8080ffff 0x0000021a application/x-arc
+0 lelong&0x8080ffff 0x0000031a application/x-arc
+0 lelong&0x8080ffff 0x0000041a application/x-arc
+0 lelong&0x8080ffff 0x0000061a application/x-arc
+
+# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
+0 lelong 0x223e9f78 application/ms-tnef
+
+# From: stephane.loeuillet@tiscali.f
+# http://www.djvuzone.org/
+0 string AT&TFORM image/x.djvu
+
+# Danny Milosavljevic <danny.milo@gmx.net>
+# this are adrift (adventure game standard) game files, extension .taf
+# depending on version magic continues with 0x93453E6139FA (V 4.0)
+# 0x9445376139FA (V 3.90)
+# 0x9445366139FA (V 3.80)
+# this is from source (http://www.adrift.org.uk/) and I have some taf
+# files, and checked them.
+#0 belong 0x3C423FC9
+#>4 belong 0x6A87C2CF application/x-adrift
+#0 string \000\000\001\000 image/x-ico
+
+# Quark Xpress 3 Files:
+# (made the mimetype up)
+0 string \0\0MMXPR3\0 application/x-quark-xpress-3
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0 belong 0x1ee7ff00 application/x-eet
+
+# From: Denis Knauf, via gentoo.
+0 string fLaC audio/x-flac
+0 string CWS application/x-shockwave-flash
+
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39 string =<gmr:Workbook application/x-gnumeric
+
--- /dev/null
+# Depends: authn_core
+LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
--- /dev/null
+# a2enmod-note: needs-configuration
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so
--- /dev/null
+<IfModule alias_module>
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+
+ Alias /icons/ "/usr/share/apache2/icons/"
+
+ <Directory "/usr/share/apache2/icons">
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
--- /dev/null
+LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so
--- /dev/null
+# Depends: mime
+LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so
--- /dev/null
+# Depends: authn_core
+LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
--- /dev/null
+# Depends: authn_core
+LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
--- /dev/null
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so
--- /dev/null
+LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so
--- /dev/null
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
--- /dev/null
+# Depends: dbd
+LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so
--- /dev/null
+LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so
--- /dev/null
+LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
--- /dev/null
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so
--- /dev/null
+LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so
--- /dev/null
+# Depends: ldap
+LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
--- /dev/null
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
--- /dev/null
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
--- /dev/null
+LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
--- /dev/null
+<IfModule mod_autoindex.c>
+ # Directives controlling the display of server-generated directory listings.
+
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
+
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
+
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ DefaultIcon /icons/unknown.gif
+
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so
--- /dev/null
+LoadModule brotli_module /usr/lib/apache2/modules/mod_brotli.so
--- /dev/null
+LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so
--- /dev/null
+LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so
--- /dev/null
+<IfModule mod_cache_disk.c>
+
+ # cache cleaning is done by htcacheclean, which can be configured in
+ # /etc/default/apache2
+ #
+ # For further information, see the comments in that file,
+ # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+ # man page.
+
+ # This path must be the same as the one in /etc/default/apache2
+ CacheRoot /var/cache/apache2/mod_cache_disk
+
+ # This will also cache local documents. It usually makes more sense to
+ # put this into the configuration for just one virtual host.
+ #CacheEnable disk /
+
+
+ # The result of CacheDirLevels * CacheDirLength must not be higher than
+ # 20. Moreover, pay attention on file system limits. Some file systems
+ # do not support more than a certain number of inodes and
+ # subdirectories (e.g. 32000 for ext3)
+ CacheDirLevels 2
+ CacheDirLength 1
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: cache
+LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so
--- /dev/null
+# Depends: cache
+LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so
--- /dev/null
+LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so
--- /dev/null
+LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
--- /dev/null
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/cgisock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
--- /dev/null
+LoadModule charset_lite_module /usr/lib/apache2/modules/mod_charset_lite.so
--- /dev/null
+LoadModule data_module /usr/lib/apache2/modules/mod_data.so
--- /dev/null
+LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
--- /dev/null
+DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: dav
+LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
--- /dev/null
+LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so
--- /dev/null
+LoadModule dbd_module /usr/lib/apache2/modules/mod_dbd.so
--- /dev/null
+<IfModule mod_deflate.c>
+ <IfModule mod_filter.c>
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ </IfModule>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: filter
+LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
--- /dev/null
+LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so
--- /dev/null
+<IfModule mod_dir.c>
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
--- /dev/null
+LoadModule dumpio_module /usr/lib/apache2/modules/mod_dumpio.so
--- /dev/null
+LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so
--- /dev/null
+LoadModule env_module /usr/lib/apache2/modules/mod_env.so
--- /dev/null
+LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
--- /dev/null
+LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so
--- /dev/null
+# Depends: cache
+LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so
--- /dev/null
+LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
--- /dev/null
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so
--- /dev/null
+
+# mod_http2 doesn't work with mpm_prefork
+<IfModule !mpm_prefork>
+ Protocols h2 h2c http/1.1
+
+ # # HTTP/2 push configuration
+ #
+ # H2Push on
+ #
+ # # Default Priority Rule
+ #
+ # H2PushPriority * After 16
+ #
+ # # More complex ruleset:
+ #
+ # H2PushPriority * after
+ # H2PushPriority text/css before
+ # H2PushPriority image/jpeg after 32
+ # H2PushPriority image/png after 32
+ # H2PushPriority application/javascript interleaved
+ #
+ # # Configure some stylesheet and script to be pushed by the webserver
+ #
+ # <FilesMatch "\.html$">
+ # Header add Link "</style.css>; rel=preload; as=style"
+ # Header add Link "</script.js>; rel=preload; as=script"
+ # </FilesMatch>
+ # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+ # you may want to change your LogFormat directive as follow:
+ #
+ # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B" common
+</IfModule>
--- /dev/null
+LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so
--- /dev/null
+LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so
--- /dev/null
+LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so
--- /dev/null
+# Depends: mime
+LoadModule include_module /usr/lib/apache2/modules/mod_include.so
--- /dev/null
+<IfModule mod_info.c>
+
+ # Allow remote server configuration reports, with the URL of
+ # http://servername/server-info (requires that mod_info.c be loaded).
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+ #
+ <Location /server-info>
+ SetHandler server-info
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule info_module /usr/lib/apache2/modules/mod_info.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so
--- /dev/null
+<Location /ldap-status>
+ SetHandler ldap-status
+ Require local
+</Location>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
--- /dev/null
+LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so
--- /dev/null
+LoadModule log_forensic_module /usr/lib/apache2/modules/mod_log_forensic.so
--- /dev/null
+LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so
--- /dev/null
+LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so
--- /dev/null
+LoadModule md_module /usr/lib/apache2/modules/mod_md.so
--- /dev/null
+<IfModule mod_mime.c>
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
+
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage am .amh
+ AddLanguage ar .ara
+ AddLanguage be .be
+ AddLanguage bg .bg
+ AddLanguage bn .bn
+ AddLanguage br .br
+ AddLanguage bs .bs
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage cy .cy
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage dz .dz
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # es is ecmascript in /etc/mime.types
+ RemoveType es
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage eu .eu
+ AddLanguage fa .fa
+ AddLanguage fi .fi
+ AddLanguage fr .fr
+ AddLanguage ga .ga
+ AddLanguage gl .glg
+ AddLanguage gu .gu
+ AddLanguage he .he
+ AddLanguage hi .hi
+ AddLanguage hr .hr
+ AddLanguage hu .hu
+ AddLanguage hy .hy
+ AddLanguage id .id
+ AddLanguage is .is
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ka .ka
+ AddLanguage kk .kk
+ AddLanguage km .km
+ AddLanguage kn .kn
+ AddLanguage ko .ko
+ AddLanguage ku .ku
+ AddLanguage lo .lo
+ AddLanguage lt .lt
+ AddLanguage ltz .ltz
+ AddLanguage lv .lv
+ AddLanguage mg .mg
+ AddLanguage mk .mk
+ AddLanguage ml .ml
+ AddLanguage mr .mr
+ AddLanguage ms .msa
+ AddLanguage nb .nob
+ AddLanguage ne .ne
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pa .pa
+ AddLanguage pl .po
+ AddLanguage pt-BR .pt-br
+ AddLanguage pt .pt
+ AddLanguage ro .ro
+ AddLanguage ru .ru
+ AddLanguage sa .sa
+ AddLanguage se .se
+ AddLanguage si .si
+ AddLanguage sk .sk
+ AddLanguage sl .sl
+ AddLanguage sq .sq
+ AddLanguage sr .sr
+ AddLanguage sv .sv
+ AddLanguage ta .ta
+ AddLanguage te .te
+ AddLanguage th .th
+ AddLanguage tl .tl
+ RemoveType tr
+ # tr is troff in /etc/mime.types
+ AddLanguage tr .tr
+ AddLanguage uk .uk
+ AddLanguage ur .ur
+ AddLanguage vi .vi
+ AddLanguage wo .wo
+ AddLanguage xh .xh
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
+
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+ AddCharset BRF .brf
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
+
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
+
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+<IfModule mod_include.c>
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
--- /dev/null
+<IfModule mod_mime_magic.c>
+ MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so
--- /dev/null
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_worker mpm_prefork
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
--- /dev/null
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_worker
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
--- /dev/null
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_worker_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_prefork
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
--- /dev/null
+<IfModule mod_negotiation.c>
+
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
--- /dev/null
+<IfModule mod_proxy.c>
+
+ # If you want to use apache2 as a forward proxy, uncomment the
+ # 'ProxyRequests On' line and the <Proxy *> block below.
+ # WARNING: Be careful to restrict access inside the <Proxy *> block.
+ # Open proxy servers are dangerous both to your network and to the
+ # Internet at large.
+ #
+ # If you only want to use apache2 as a reverse proxy/gateway in
+ # front of some web application server, you DON'T need
+ # 'ProxyRequests On'.
+
+ #ProxyRequests On
+ #<Proxy *>
+ # AddDefaultCharset off
+ # Require all denied
+ # #Require local
+ #</Proxy>
+
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+ #ProxyVia Off
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
--- /dev/null
+<IfModule mod_proxy_balancer.c>
+
+ # Balancer manager enables dynamic update of balancer members
+ # (needs mod_status). Uncomment to enable.
+ #
+ #<IfModule mod_status.c>
+ # <Location /balancer-manager>
+ # SetHandler balancer-manager
+ # Require local
+ # </Location>
+ #</IfModule>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy alias slotmem_shm
+LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
--- /dev/null
+<IfModule mod_proxy_ftp.c>
+
+ # Define the character set for proxied FTP listings. Default is ISO-8859-1
+ ProxyFtpDirCharset UTF-8
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy
+LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_hcheck_module /usr/lib/apache2/modules/mod_proxy_hcheck.so
--- /dev/null
+# Configuration example.
+#
+# For detailed information about these directives see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
+# and for mod_xml2enc see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
+#
+
+# All knowledge of HTML links has been removed from the mod_proxy_html
+# code itself, and is instead read from httpd.conf (or included file)
+# at server startup. So you MUST declare it. This will normally be
+# at top level, but can also be used in a <Location>.
+#
+# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
+
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profile
+ProxyHTMLLinks base href
+ProxyHTMLLinks script src for
+
+# To support scripting events (with ProxyHTMLExtended On),
+# you'll need to declare them too.
+
+ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
+ onmouseover onmousemove onmouseout onkeypress \
+ onkeydown onkeyup onfocus onblur onload \
+ onunload onsubmit onreset onselect onchange
+
+# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
+# you'll need to uncomment the following deprecated link attributes.
+# Note that these are enabled in earlier mod_proxy_html versions
+#
+# ProxyHTMLLinks frame src longdesc
+# ProxyHTMLLinks iframe src longdesc
+# ProxyHTMLLinks body background
+# ProxyHTMLLinks applet codebase
+#
+# If you're dealing with proprietary HTML variants,
+# declare your own URL attributes here as required.
+#
+# ProxyHTMLLinks myelement myattr otherattr
+#
+###########
+# EXAMPLE #
+###########
+#
+# To define the URL /my-gateway/ as a gateway to an appserver with address
+# http://some.app.intranet/ on a private network, after loading the
+# modules and including this configuration file:
+#
+# ProxyRequests Off <-- this is an important security setting
+# ProxyPass /my-gateway/ http://some.app.intranet/
+# <Location /my-gateway/>
+# ProxyPassReverse /
+# ProxyHTMLEnable On
+# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
+# ProxyHTMLURLMap / /my-gateway/
+# </Location>
+#
+# Many (though not all) real-life setups are more complex.
+#
+# See the documentation at
+# http://apache.webthing.com/mod_proxy_html/
+# and the tutorial at
+# http://www.apachetutor.org/admin/reverseproxies
--- /dev/null
+# Depends: proxy xml2enc
+LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
--- /dev/null
+# Depends: proxy http2
+LoadModule proxy_http2_module /usr/lib/apache2/modules/mod_proxy_http2.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
--- /dev/null
+# Depends: env
+LoadModule ratelimit_module /usr/lib/apache2/modules/mod_ratelimit.so
--- /dev/null
+LoadModule reflector_module /usr/lib/apache2/modules/mod_reflector.so
--- /dev/null
+LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so
--- /dev/null
+<IfModule reqtimeout_module>
+
+ # mod_reqtimeout limits the time waiting on the client to prevent an
+ # attacker from causing a denial of service by opening many connections
+ # but not sending requests. This file tries to give a sensible default
+ # configuration, but it may be necessary to tune the timeout values to
+ # the actual situation. Note that it is also possible to configure
+ # mod_reqtimeout per virtual host.
+
+
+ # Wait max 20 seconds for the first byte of the request line+headers
+ # From then, require a minimum data rate of 500 bytes/s, but don't
+ # wait longer than 40 seconds in total.
+ # Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+ # cause problem with ssl enabled virtual hosts: This timeout includes
+ # the time a browser may need to fetch the CRL for the certificate. If
+ # the CRL server is not reachable, it may take more than 10 seconds
+ # until the browser gives up.
+ RequestReadTimeout header=20-40,minrate=500
+
+ # Wait max 10 seconds for the first byte of the request body (if any)
+ # From then, require a minimum data rate of 500 bytes/s
+ RequestReadTimeout body=10,minrate=500
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
--- /dev/null
+LoadModule request_module /usr/lib/apache2/modules/mod_request.so
--- /dev/null
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
--- /dev/null
+LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so
--- /dev/null
+LoadModule session_module /usr/lib/apache2/modules/mod_session.so
--- /dev/null
+# Depends: session
+LoadModule session_cookie_module /usr/lib/apache2/modules/mod_session_cookie.so
--- /dev/null
+# Depends: session
+LoadModule session_crypto_module /usr/lib/apache2/modules/mod_session_crypto.so
--- /dev/null
+# Depends: session
+LoadModule session_dbd_module /usr/lib/apache2/modules/mod_session_dbd.so
--- /dev/null
+<IfModule mod_setenvif.c>
+
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
--- /dev/null
+LoadModule slotmem_plain_module /usr/lib/apache2/modules/mod_slotmem_plain.so
--- /dev/null
+LoadModule slotmem_shm_module /usr/lib/apache2/modules/mod_slotmem_shm.so
--- /dev/null
+LoadModule socache_dbm_module /usr/lib/apache2/modules/mod_socache_dbm.so
--- /dev/null
+LoadModule socache_memcache_module /usr/lib/apache2/modules/mod_socache_memcache.so
--- /dev/null
+LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
--- /dev/null
+LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so
--- /dev/null
+<IfModule mod_ssl.c>
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the SSL library.
+ # The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ #
+ SSLRandomSeed startup builtin
+ SSLRandomSeed startup file:/dev/urandom 512
+ SSLRandomSeed connect builtin
+ SSLRandomSeed connect file:/dev/urandom 512
+
+ ##
+ ## SSL Global Context
+ ##
+ ## All SSL configuration in this context applies both to
+ ## the main server and all SSL-enabled virtual hosts.
+ ##
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # (The mechanism dbm has known memory leaks and should not be used).
+ #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+ SSLSessionCacheTimeout 300
+
+ # Semaphore:
+ # Configure the path to the mutual exclusion semaphore the
+ # SSL engine uses internally for inter-process synchronization.
+ # (Disabled by default, the global Mutex directive consolidates by default
+ # this)
+ #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate. See the
+ # ciphers(1) man page from the openssl package for list of all available
+ # options.
+ # Enable only secure ciphers:
+ SSLCipherSuite HIGH:!aNULL
+
+ # SSL server cipher order preference:
+ # Use server priorities for cipher algorithm choice.
+ # Clients may prefer lower grade encryption. You should enable this
+ # option if you want to enforce stronger encryption, and can afford
+ # the CPU cost, and did not override SSLCipherSuite in a way that puts
+ # insecure ciphers first.
+ # Default: Off
+ #SSLHonorCipherOrder on
+
+ # The protocols to enable.
+ # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+ # SSL v2 is no longer supported
+ SSLProtocol all -SSLv3
+
+ # Allow insecure renegotiation with clients which do not yet support the
+ # secure renegotiation protocol. Default: Off
+ #SSLInsecureRenegotiation on
+
+ # Whether to forbid non-SNI clients to access name based virtual hosts.
+ # Default: Off
+ #SSLStrictSNIVHostCheck On
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
--- /dev/null
+<IfModule mod_status.c>
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+
+ <Location /server-status>
+ SetHandler server-status
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
+
+ # Keep track of extended status information for each request
+ ExtendedStatus On
+
+ # Determine if mod_status displays the first 63 characters of a request or
+ # the last 63, assuming the request itself is greater than 63 chars.
+ # Default: Off
+ #SeeRequestTail On
+
+
+ <IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+ </IfModule>
+
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule status_module /usr/lib/apache2/modules/mod_status.so
--- /dev/null
+LoadModule substitute_module /usr/lib/apache2/modules/mod_substitute.so
--- /dev/null
+LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so
--- /dev/null
+LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so
--- /dev/null
+<IfModule mod_userdir.c>
+ UserDir public_html
+ UserDir disabled root
+
+ <Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+ </Directory>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so
--- /dev/null
+LoadModule usertrack_module /usr/lib/apache2/modules/mod_usertrack.so
--- /dev/null
+LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so
--- /dev/null
+LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
--- /dev/null
+../mods-available/access_compat.load
\ No newline at end of file
--- /dev/null
+../mods-available/alias.conf
\ No newline at end of file
--- /dev/null
+../mods-available/alias.load
\ No newline at end of file
--- /dev/null
+../mods-available/auth_basic.load
\ No newline at end of file
--- /dev/null
+../mods-available/authn_core.load
\ No newline at end of file
--- /dev/null
+../mods-available/authn_file.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_core.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_host.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_user.load
\ No newline at end of file
--- /dev/null
+../mods-available/autoindex.conf
\ No newline at end of file
--- /dev/null
+../mods-available/autoindex.load
\ No newline at end of file
--- /dev/null
+../mods-available/deflate.conf
\ No newline at end of file
--- /dev/null
+../mods-available/deflate.load
\ No newline at end of file
--- /dev/null
+../mods-available/dir.conf
\ No newline at end of file
--- /dev/null
+../mods-available/dir.load
\ No newline at end of file
--- /dev/null
+../mods-available/env.load
\ No newline at end of file
--- /dev/null
+../mods-available/filter.load
\ No newline at end of file
--- /dev/null
+../mods-available/mime.conf
\ No newline at end of file
--- /dev/null
+../mods-available/mime.load
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_event.conf
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_event.load
\ No newline at end of file
--- /dev/null
+../mods-available/negotiation.conf
\ No newline at end of file
--- /dev/null
+../mods-available/negotiation.load
\ No newline at end of file
--- /dev/null
+../mods-available/reqtimeout.conf
\ No newline at end of file
--- /dev/null
+../mods-available/reqtimeout.load
\ No newline at end of file
--- /dev/null
+../mods-available/setenvif.conf
\ No newline at end of file
--- /dev/null
+../mods-available/setenvif.load
\ No newline at end of file
--- /dev/null
+../mods-available/status.conf
\ No newline at end of file
--- /dev/null
+../mods-available/status.load
\ No newline at end of file
--- /dev/null
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+<IfModule ssl_module>
+ Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ # BrowserMatch "MSIE [2-6]" \
+ # nokeepalive ssl-unclean-shutdown \
+ # downgrade-1.0 force-response-1.0
+
+ </VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../sites-available/000-default.conf
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+
+# run htcacheclean if set to 'cron' mode
+
+set -e
+set -u
+
+type htcacheclean > /dev/null 2>&1 || exit 0
+[ -e /etc/default/apache-htcacheclean ] || exit 0
+
+
+# edit /etc/default/apache-htcacheclean to change this
+HTCACHECLEAN_MODE=daemon
+HTCACHECLEAN_RUN=auto
+HTCACHECLEAN_SIZE=300M
+HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
+HTCACHECLEAN_OPTIONS=""
+
+. /etc/default/apache-htcacheclean
+
+[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0
+
+htcacheclean ${HTCACHECLEAN_OPTIONS} \
+ -p${HTCACHECLEAN_PATH} \
+ -l${HTCACHECLEAN_SIZE}
--- /dev/null
+# This file must only contain KEY=VALUE lines. Do not use advanced
+# shell script constructs!
+
+## run mode: cron, daemon
+## run in daemon mode or as daily cron job
+## default: daemon
+HTCACHECLEAN_MODE=daemon
+
+## cache size
+HTCACHECLEAN_SIZE=300M
+
+## interval: if in daemon mode, clean cache every x minutes
+HTCACHECLEAN_DAEMON_INTERVAL=120
+
+## path to cache
+## must be the same as in CacheRoot directive
+#HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
+
+## additional options:
+## -n : be nice
+## -t : remove empty directories
+HTCACHECLEAN_OPTIONS="-n"
--- /dev/null
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: apache-htcacheclean
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Cache cleaner process for Apache2 web server
+# Description: Start the htcacheclean helper
+# This script will start htcacheclean which will periodically scan the
+# cache directory of Apache2's mod_cache_disk and remove outdated files.
+### END INIT INFO
+
+DESC="Apache htcacheclean"
+DAEMON=/usr/bin/htcacheclean
+
+NAME="${0##*/}"
+NAME="${NAME##[KS][0-9][0-9]}"
+DIR_SUFFIX="${NAME##apache-htcacheclean}"
+APACHE_CONFDIR="${APACHE_CONFDIR:=/etc/apache2$DIR_SUFFIX}"
+RUN_USER=$(. $APACHE_CONFDIR/envvars > /dev/null && echo "$APACHE_RUN_USER")
+
+# Default values. Edit /etc/default/apache-htcacheclean$DIR_SUFFIX to change these
+HTCACHECLEAN_SIZE="${HTCACHECLEAN_SIZE:=300M}"
+HTCACHECLEAN_DAEMON_INTERVAL="${HTCACHECLEAN_DAEMON_INTERVAL:=120}"
+HTCACHECLEAN_PATH="${HTCACHECLEAN_PATH:=/var/cache/apache2$DIR_SUFFIX/mod_cache_disk}"
+HTCACHECLEAN_OPTIONS="${HTCACHECLEAN_OPTIONS:=-n}"
+
+# Read configuration variable file if it is present
+if [ -f /etc/default/apache-htcacheclean$DIR_SUFFIX ] ; then
+ . /etc/default/apache-htcacheclean$DIR_SUFFIX
+elif [ -f /etc/default/apache-htcacheclean ] ; then
+ . /etc/default/apache-htcacheclean
+fi
+
+PIDDIR="/var/run/apache2/$RUN_USER"
+PIDFILE="$PIDDIR/$NAME.pid"
+DAEMON_ARGS="$HTCACHECLEAN_OPTIONS \
+ -d$HTCACHECLEAN_DAEMON_INTERVAL \
+ -P$PIDFILE -i \
+ -p$HTCACHECLEAN_PATH \
+ -l$HTCACHECLEAN_SIZE"
+
+do_start_prepare () {
+ if [ ! -d "$PIDDIR" ] ; then
+ mkdir -p "$PIDDIR"
+ chown "$RUN_USER:" "$PIDDIR"
+ fi
+ if [ ! -d "$HTCACHECLEAN_PATH" ] ; then
+ echo "Directory $HTCACHECLEAN_PATH does not exist!" >&2
+ exit 2
+ fi
+}
+
+do_start_cmd_override () {
+ start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
+ -u $RUN_USER --startas $DAEMON --name htcacheclean --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
+ -c $RUN_USER --startas $DAEMON --name htcacheclean -- $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop_cmd_override () {
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
+ -u $RUN_USER --pidfile ${PIDFILE} --name htcacheclean
+}
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: apache2
+# Required-Start: $local_fs $remote_fs $network $syslog $named
+# Required-Stop: $local_fs $remote_fs $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# X-Interactive: true
+# Short-Description: Apache2 web server
+# Description: Start the web server
+# This script will start the apache2 web server.
+### END INIT INFO
+
+DESC="Apache httpd web server"
+NAME=apache2
+DAEMON=/usr/sbin/$NAME
+
+SCRIPTNAME="${0##*/}"
+SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}"
+if [ -n "$APACHE_CONFDIR" ] ; then
+ if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ DIR_SUFFIX="${APACHE_CONFDIR##/etc/apache2-}"
+ else
+ DIR_SUFFIX=
+ fi
+elif [ "${SCRIPTNAME##apache2-}" != "$SCRIPTNAME" ] ; then
+ DIR_SUFFIX="-${SCRIPTNAME##apache2-}"
+ APACHE_CONFDIR=/etc/apache2$DIR_SUFFIX
+else
+ DIR_SUFFIX=
+ APACHE_CONFDIR=/etc/apache2
+fi
+if [ -z "$APACHE_ENVVARS" ] ; then
+ APACHE_ENVVARS=$APACHE_CONFDIR/envvars
+fi
+export APACHE_CONFDIR APACHE_ENVVARS
+
+ENV="env -i LANG=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then
+ ENV="$ENV APACHE_CONFDIR=$APACHE_CONFDIR"
+fi
+if [ "$APACHE_ENVVARS" != "$APACHE_CONFDIR/envvars" ] ; then
+ ENV="$ENV APACHE_ENVVARS=$APACHE_ENVVARS"
+fi
+
+PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
+
+VERBOSE=no
+if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+fi
+. /lib/lsb/init-functions
+
+
+# Now, set defaults:
+APACHE2CTL="$ENV apache2ctl"
+PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
+APACHE2_INIT_MESSAGE=""
+
+CONFTEST_OUTFILE=
+cleanup() {
+ if [ -n "$CONFTEST_OUTFILE" ] ; then
+ rm -f "$CONFTEST_OUTFILE"
+ fi
+}
+trap cleanup 0 # "0" means "EXIT", but "EXIT" is not portable
+
+
+apache_conftest() {
+ [ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=$(mktemp)
+ if ! $APACHE2CTL configtest > "$CONFTEST_OUTFILE" 2>&1 ; then
+ return 1
+ else
+ rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ return 0
+ fi
+}
+
+clear_error_msg() {
+ [ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ APACHE2_INIT_MESSAGE=
+}
+
+print_error_msg() {
+ [ -z "$APACHE2_INIT_MESSAGE" ] || log_warning_msg "$APACHE2_INIT_MESSAGE"
+ if [ -n "$CONFTEST_OUTFILE" ] ; then
+ echo "Output of config test was:" >&2
+ cat "$CONFTEST_OUTFILE" >&2
+ rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ fi
+}
+
+apache_wait_start() {
+ local STATUS=$1
+ local i=0
+
+ if [ $STATUS != 0 ] ; then
+ return $STATUS
+ fi
+ while : ; do
+ PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
+ if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
+ return $STATUS
+ fi
+
+ if [ $i = "20" ] ; then
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX instance did not start within 20 seconds. Please read the log files to discover problems"
+ return 2
+ fi
+
+ [ "$VERBOSE" != no ] && log_progress_msg "."
+ sleep 1
+ i=$(($i+1))
+ done
+}
+
+apache_wait_stop() {
+ local STATUS=$1
+ local METH=$2
+
+ if [ $STATUS != 0 ] ; then
+ return $STATUS
+ fi
+
+ PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
+ if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
+ if [ "$METH" = "kill" ]; then
+ killproc -p $PIDFILE $DAEMON
+ else
+ $APACHE2CTL $METH > /dev/null 2>&1
+ fi
+
+ local i=0
+ while kill -0 "${PIDTMP:-}" 2> /dev/null; do
+ if [ $i = '60' ]; then
+ STATUS=2
+ break
+ fi
+ [ "$VERBOSE" != no ] && log_progress_msg "."
+ sleep 1
+ i=$(($i+1))
+ done
+ return $STATUS
+ else
+ return $STATUS
+ fi
+}
+
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ if pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
+ return 1
+ fi
+
+ if apache_conftest ; then
+ $APACHE2CTL start
+ apache_wait_start $?
+ return $?
+ else
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed."
+ return 2
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ # either "stop" or "graceful-stop"
+ local STOP=$1
+ # can't use pidofproc from LSB here
+ local AP_RET=0
+
+ if pidof $DAEMON > /dev/null 2>&1 ; then
+ if [ -e $PIDFILE ] && pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE) > /dev/null 2>&1 ; then
+ AP_RET=2
+ else
+ AP_RET=1
+ fi
+ else
+ AP_RET=0
+ fi
+
+ # AP_RET is:
+ # 0 if Apache (whichever) is not running
+ # 1 if Apache (whichever) is running
+ # 2 if Apache from the PIDFILE is running
+
+ if [ $AP_RET = 0 ] ; then
+ return 1
+ fi
+
+ if [ $AP_RET = 2 ] && apache_conftest ; then
+ apache_wait_stop $? $STOP
+ return $?
+ else
+ if [ $AP_RET = 2 ]; then
+ clear_error_msg
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed, so we are trying to kill it manually. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!"
+ apache_wait_stop $? "kill"
+ return $?
+ elif [ $AP_RET = 1 ] ; then
+ APACHE2_INIT_MESSAGE="There are processes named 'apache2' running which do not match your pid file which are left untouched in the name of safety, Please review the situation by hand".
+ return 2
+ fi
+ fi
+
+}
+
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ if apache_conftest; then
+ if ! pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
+ APACHE2_INIT_MESSAGE="Apache2 is not running"
+ return 2
+ fi
+ $APACHE2CTL graceful > /dev/null 2>&1
+ return $?
+ else
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed. Not doing anything."
+ return 2
+ fi
+}
+
+
+# Sanity checks. They need to occur after function declarations
+[ -x $DAEMON ] || exit 0
+
+if [ ! -x $DAEMON ] ; then
+ echo "No apache-bin package installed"
+ exit 0
+fi
+
+if [ -z "$PIDFILE" ] ; then
+ echo ERROR: APACHE_PID_FILE needs to be defined in $APACHE_ENVVARS >&2
+ exit 2
+fi
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ stop|graceful-stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop "$1"
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was not running"
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ print_error_msg
+
+ ;;
+ status)
+ status_of_proc -p $PIDFILE "apache2" "$NAME"
+ exit $?
+ ;;
+ reload|force-reload|graceful)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ print_error_msg
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0)
+ log_end_msg 0
+ ;;
+ 1|*)
+ log_end_msg 1 # Old process is still or failed to running
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ start-htcacheclean|stop-htcacheclean)
+ echo "Use 'service apache-htcacheclean' instead"
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|graceful-stop|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
+
+# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
--- /dev/null
+/var/log/apache2/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 640 root adm
+ sharedscripts
+ postrotate
+ if invoke-rc.d apache2 status > /dev/null 2>&1; then \
+ invoke-rc.d apache2 reload > /dev/null 2>&1; \
+ fi;
+ endscript
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi; \
+ endscript
+}
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/apache-htcacheclean
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/apache2.service
\ No newline at end of file
projects / config / helga-hetzner / etc.git / commitdiff