| #!/bin/sh |
| |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # Generate a minimal HTTPD configuration |
| here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here` |
| mkdir -p $1 |
| root=`echo "import os; print os.path.realpath('$1')" | python` |
| |
| host=$2 |
| port=`$here/httpd-addr port $3` |
| pport=`$here/httpd-addr pport $3` |
| listen=`$here/httpd-addr listen $3` |
| vhost=`$here/httpd-addr vhost $3` |
| if [ "$pport" = "80" ]; then |
| pportsuffix="" |
| else |
| pportsuffix=":$pport" |
| fi |
| |
| mkdir -p $4 |
| htdocs=`echo "import os; print os.path.realpath('$4')" | python` |
| |
| user=`id -un` |
| group=`id -gn` |
| |
| uname=`uname -s` |
| if [ $uname = "Darwin" ]; then |
| libsuffix=".dylib" |
| sendfile=Off |
| else |
| libsuffix=".so" |
| sendfile=On |
| fi |
| |
| modules_prefix=`cat $here/httpd-modules.prefix` |
| |
| mkdir -p $root |
| mkdir -p $root/logs |
| mkdir -p $root/conf |
| cat >$root/conf/httpd.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Apache HTTPD server configuration |
| |
| # Main server name |
| ServerName http://$host$pportsuffix |
| PidFile $root/logs/httpd.pid |
| |
| # Load configured MPM |
| Include conf/mpm.conf |
| |
| # Load required modules |
| Include conf/modules.conf |
| |
| # Basic security precautions |
| User $user |
| Group $group |
| ServerSignature Off |
| ServerTokens Prod |
| Timeout 45 |
| RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 |
| LimitRequestBody 8388608 |
| HostNameLookups Off |
| #MaxKeepAliveRequests 25 |
| #MaxConnectionsPerChild 100 |
| |
| # Log HTTP requests |
| # [timestamp] [access] remote-host remote-ident remote-user "request-line" |
| # status response-size "referrer" "user-agent" "user-track" local-IP |
| # virtual-host response-time bytes-received bytes-sent |
| LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined |
| Include conf/log.conf |
| |
| # Configure Mime types and default charsets |
| TypesConfig $here/conf/mime.types |
| AddDefaultCharset utf-8 |
| AddCharset utf-8 .html .js .css |
| |
| # Configure cache control |
| <Directory /> |
| SetEnvIf X-Cache-Control no-cache x-no-cache |
| Header merge Cache-Control max-age=604800 env=!x-no-cache |
| Header merge Cache-Control public env=!x-no-cache |
| </Directory> |
| |
| # Enable Linux Kernel sendfile |
| EnableSendFile $sendfile |
| |
| # Configure auth modules |
| Include conf/auth.conf |
| |
| # Set default document root |
| DocumentRoot $htdocs |
| DirectoryIndex index-min.html index.html |
| |
| # Protect server files |
| <Directory /> |
| Options None |
| AllowOverride None |
| Require all denied |
| </Directory> |
| |
| # Configure output filters to enable compression and rate limiting |
| <Location /> |
| #SetOutputFilter RATE_LIMIT;DEFLATE |
| SetOutputFilter DEFLATE |
| |
| BrowserMatch ^Mozilla/4 gzip-only-text/html |
| BrowserMatch ^Mozilla/4\.0[678] no-gzip |
| BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html |
| BrowserMatch ^check_http/ check_http |
| SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary |
| Header append Vary User-Agent env=!dont-vary |
| |
| #SetEnv rate-limit 400 |
| </Location> |
| |
| # Listen on HTTP port |
| Listen $listen |
| |
| # Setup HTTP virtual host |
| <VirtualHost $vhost> |
| ServerName http://$host$pportsuffix |
| |
| <Location /> |
| RewriteEngine on |
| Include conf/hostcond.conf |
| RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC] |
| RewriteCond %{REQUEST_URI} !^/server-status [NC] |
| RewriteCond %{REQUEST_URI} !^/balancer-manager [NC] |
| RewriteCond %{REQUEST_URI} !^/proxy/ [NC] |
| RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R] |
| </Location> |
| |
| Include conf/svhost.conf |
| |
| # Configure authentication |
| Include conf/noauth.conf |
| Include conf/locauth.conf |
| Include conf/pubauth.conf |
| Include conf/adminauth.conf |
| |
| </VirtualHost> |
| |
| EOF |
| |
| # Configure logging |
| cat >$root/conf/log.conf <<EOF |
| # Generated by: httpd-conf $* |
| ErrorLog $root/logs/error_log |
| CustomLog $root/logs/access_log combined |
| |
| EOF |
| |
| # Run with the prefork MPM |
| cat >$root/conf/mpm.conf <<EOF |
| # Generated by: httpd-conf $* |
| LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so |
| |
| EOF |
| |
| # Generate modules list |
| cat >$root/conf/modules.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Load a minimal set of modules, the load order is important |
| # (e.g. load mod_headers before mod_rewrite, so its hooks execute |
| # after mod_rewrite's hooks) |
| LoadModule headers_module ${modules_prefix}/modules/mod_headers.so |
| LoadModule alias_module ${modules_prefix}/modules/mod_alias.so |
| LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so |
| LoadModule authn_socache_module ${modules_prefix}/modules/mod_authn_socache.so |
| LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so |
| LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so |
| LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so |
| LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so |
| LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so |
| LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so |
| LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so |
| LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so |
| LoadModule request_module ${modules_prefix}/modules/mod_request.so |
| LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so |
| LoadModule filter_module ${modules_prefix}/modules/mod_filter.so |
| LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so |
| LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so |
| LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so |
| LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so |
| LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so |
| LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so |
| LoadModule cache_module ${modules_prefix}/modules/mod_cache.so |
| LoadModule cache_disk_module ${modules_prefix}/modules/mod_cache_disk.so |
| LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so |
| LoadModule mime_module ${modules_prefix}/modules/mod_mime.so |
| LoadModule status_module ${modules_prefix}/modules/mod_status.so |
| LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so |
| LoadModule dir_module ${modules_prefix}/modules/mod_dir.so |
| LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so |
| LoadModule env_module ${modules_prefix}/modules/mod_env.so |
| LoadModule expires_module ${modules_prefix}/modules/mod_expires.so |
| <IfModule !log_config_module> |
| LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so |
| </IfModule> |
| LoadModule logio_module ${modules_prefix}/modules/mod_logio.so |
| LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so |
| LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so |
| LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so |
| LoadModule actions_module ${modules_prefix}/modules/mod_actions.so |
| LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so |
| LoadModule session_module ${modules_prefix}/modules/mod_session.so |
| LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so |
| LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so |
| LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so |
| LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so |
| LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so |
| |
| EOF |
| |
| # Generate auth configuration |
| cat >$root/conf/auth.conf <<EOF |
| # Generated by: httpd-conf $* |
| |
| EOF |
| |
| cat >$root/conf/locauth.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Authentication and authorization configuration |
| |
| # Allow authorized access to document root |
| <Directory "$htdocs"> |
| Options FollowSymLinks |
| Require all granted |
| </Directory> |
| |
| # Allow authorized access to root location |
| <Location /> |
| Options FollowSymLinks |
| AuthUserFile "$root/conf/httpd.passwd" |
| AuthGroupFile "$root/conf/httpd.groups" |
| Require all granted |
| </Location> |
| |
| EOF |
| |
| cat >$root/conf/pubauth.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Allow everyone to access public locations |
| <Location /login> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| <Location /login/dologin> |
| Session Off |
| </Location> |
| <Location /logout> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| <Location /logout/dologout> |
| Session Off |
| </Location> |
| <Location /public> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| <Location /proxy/public> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| <Location /favicon.ico> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| <Location /robots.txt> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| |
| EOF |
| |
| cat >$root/conf/adminauth.conf <<EOF |
| |
| # Allow the server admin to view the server status |
| <Location /server-status> |
| Require user admin |
| </Location> |
| |
| EOF |
| |
| # Create password and group files |
| cat >$root/conf/httpd.passwd <<EOF |
| # Generated by: httpd-conf $* |
| EOF |
| |
| cat >$root/conf/httpd.groups <<EOF |
| # Generated by: httpd-conf $* |
| EOF |
| |
| # Allow public access to server resources |
| cat >$root/conf/noauth.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Allow public access to server resources |
| |
| # Allow access to document root |
| <Directory "$htdocs"> |
| AuthType None |
| Session Off |
| Require all granted |
| </Directory> |
| |
| # Allow everyone to access root location |
| <Location /> |
| AuthType None |
| Session Off |
| Require all granted |
| </Location> |
| |
| EOF |
| |
| # Generate vhost configuration |
| cat >$root/conf/vhost.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Virtual host configuration |
| UseCanonicalName Off |
| |
| # Enable HTTP reverse proxy |
| ProxyRequests Off |
| ProxyPreserveHost On |
| ProxyStatus On |
| |
| # Enable server status |
| <Location /server-status> |
| SetHandler server-status |
| HostnameLookups on |
| </Location> |
| |
| EOF |
| |
| cat >$root/conf/svhost.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Static virtual host configuration |
| Include conf/vhost.conf |
| |
| EOF |
| |
| cat >$root/conf/dvhost.conf <<EOF |
| # Generated by: httpd-conf $* |
| # Mass dynamic virtual host configuration |
| Include conf/vhost.conf |
| |
| EOF |
| |
| # Generate host name check condition |
| cat >$root/conf/hostcond.conf <<EOF |
| # Generated by: httpd-conf $* |
| RewriteCond %{HTTP_HOST} !^$host [NC] |
| |
| EOF |
| |
