#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Generate a minimal HTTPD configuration
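# Print the canonical absolute form of the path in $1.
# The path is handed to Python as an argument (sys.argv) instead of being
# pasted into the program text, so a quote or backslash in it cannot change the
# code that runs. print(...) with one argument works on Python 2 and Python 3.
abspath() {
    python -c 'import os, sys; print(os.path.realpath(sys.argv[1]))' "$1" || {
        printf '%s\n' "httpd-conf: cannot resolve path '$1'" >&2
        return 1
    }
}

# Directory holding this script and its helpers (httpd-addr, httpd-modules.prefix).
here=$(abspath "$0") || exit 1
here=$(dirname "$here")

# $1: server root directory, created on demand.
# Stop if it cannot be resolved: an empty $root would turn the paths written
# further down into /logs and /conf/httpd.conf.
mkdir -p "$1"
root=$(abspath "$1") || exit 1
if [ -z "$root" ]; then
    printf '%s\n' "httpd-conf: empty server root" >&2
    exit 1
fi

# NOTE(review): jsprefix is not referenced in the part of the script reviewed
# here; kept in case something else relies on it.
jsprefix=$(abspath "$here/../js")

# $2: server host name. $3: address argument handed to httpd-addr, which
# derives the port, public port, Listen value and VirtualHost address from it.
host=$2
# ${3:+"$3"} passes $3 as a single word when it is set and passes nothing when
# it is empty, which is what the unquoted $3 did for a missing argument.
port=$("$here/httpd-addr" port ${3:+"$3"})
pport=$("$here/httpd-addr" pport ${3:+"$3"})
listen=$("$here/httpd-addr" listen ${3:+"$3"})
vhost=$("$here/httpd-addr" vhost ${3:+"$3"})

# $4: document root directory, created on demand.
mkdir -p "$4"
htdocs=$(abspath "$4") || exit 1

# The generated configuration runs httpd as the user and group invoking this
# script.
user=$(id -un)
group=$(id -gn)

# Shared library suffix used for the Tuscany modules.
uname=$(uname -s)
if [ "$uname" = "Darwin" ]; then
    libsuffix=".dylib"
else
    libsuffix=".so"
fi

# Installation prefix of the stock httpd modules.
modules_prefix=$(cat "$here/httpd-modules.prefix")

# Nothing below can be written without these directories.
mkdir -p "$root" "$root/logs" "$root/conf" || exit 1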
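# Write the main server configuration.
# The here-document delimiter is unquoted, so the shell expands $host, $pport,
# $root, $here, $htdocs, $user, $group, $listen, $vhost and $* into the file
# as they are; none of the values is escaped for httpd syntax. The regex end
# anchors written as $" and "$ " stay literal only because the "$" is not
# followed by a name character.
# NOTE(review): $host is pasted into the RewriteCond pattern unescaped and
# without an end anchor, so "." matches any character and any Host value that
# merely starts with the name is accepted as canonical -- consider escaping it
# and anchoring the pattern.
# NOTE(review): httpd merges <Location> sections after <Directory> sections,
# so the "<Location /> ... Require all granted" inside the virtual host, not
# the "<Directory /> Require all denied" default, decides access for every
# URL -- confirm that is intended.
# NOTE(review): "Options FollowSymLinks" on the document root lets a symlink
# under $htdocs serve files that live outside it -- confirm nothing untrusted
# can create links there.
cat >"$root/conf/httpd.conf" <<EOF
# Generated by: httpd-conf $*
# Apache HTTPD server configuration
# Main server name
ServerName http://$host:$pport
PidFile $root/logs/httpd.pid
# Load configured MPM
Include conf/mpm.conf
# Load required modules
Include conf/modules.conf
# Basic security precautions
User $user
Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestBody 1048576
HostNameLookups Off
# Log HTTP requests
# [timestamp] [access] remote-host remote-ident remote-user "request-line"
# status response-size "referrer" "user-agent" "user-track" local-IP
# virtual-host response-time bytes-received bytes-sent
LogLevel info
ErrorLog $root/logs/error_log
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O" combined
CustomLog $root/logs/access_log combined
CookieTracking on
CookieName TuscanyVisitorId
CookieStyle Cookie
CookieExpires 31556926
# Configure Mime types and default charsets
TypesConfig $here/conf/mime.types
AddDefaultCharset utf-8
AddCharset utf-8 .js .css
# Configure cache control
SetEnvIf Request_URI "^/app.html$" must-revalidate
Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate
Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate
Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate
# Set default document root
DocumentRoot $htdocs
DirectoryIndex index.html
# Protect server files
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>
# Configure authentication
Include conf/auth.conf
# Allow access to public locations
<Location /login>
AuthType None
Require all granted
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location>
<Location /robots.txt>
AuthType None
Require all granted
</Location>
# Configure output filters to enable compression and rate limiting
<Location />
SetOutputFilter RATE_LIMIT;DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
SetEnv rate-limit 400
</Location>
# Listen on HTTP port
Listen $listen
# Setup HTTP virtual host
<VirtualHost $vhost>
ServerName http://$host:$pport
RewriteEngine on
RewriteCond %{HTTP_HOST} !^$host [NC]
RewriteRule .* http://$host:$pport%{REQUEST_URI} [R,L]
Include conf/svhost.conf
# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
AuthType None
Require all granted
</Directory>
# Allow access to root location
<Location />
Options FollowSymLinks
AuthType None
Require all granted
</Location>
</VirtualHost>
EOF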
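# Run with the prefork MPM
# conf/mpm.conf is pulled in by the "Include conf/mpm.conf" line of httpd.conf.
cat >"$root/conf/mpm.conf" <<EOF
# Generated by: httpd-conf $*
LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so
EOF
# On Darwin, append a thread stack size setting to the same file. The value is
# quoted in the test so an empty uname result cannot break the comparison.
uname=$(uname -s)
if [ "$uname" = "Darwin" ]; then
    cat >>"$root/conf/mpm.conf" <<EOF
# Generated by: httpd-conf $*
# Set thread stack size
ThreadStackSize 2097152
EOF
fi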
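# Generate modules list
# NOTE(review): the list is described as minimal but also loads mod_status,
# mod_info, mod_cgi and mod_proxy_connect. None of the files written by this
# script maps a URL to their handlers, so either another generator relies on
# them or they can be dropped to shrink what the server exposes -- confirm
# before removing.
# The two Tuscany modules are loaded from the script's own directory ($here);
# whoever can write there can run code inside httpd, so keep that directory
# writable by the installing user only.
cat >"$root/conf/modules.conf" <<EOF
# Generated by: httpd-conf $*
# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule info_module ${modules_prefix}/modules/mod_info.so
LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
LoadModule env_module ${modules_prefix}/modules/mod_env.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel$libsuffix
LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix
EOF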
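# Generate auth configuration
# NOTE(review): despite the "authorized access" wording in the generated
# comments, both sections end in "Require all granted" and no AuthType is set,
# so this file on its own admits every client; AuthUserFile only names the
# password file. Presumably a later setup step replaces or tightens it --
# verify before exposing the server.
cat >"$root/conf/auth.conf" <<EOF
# Generated by: httpd-conf $*
# Authentication configuration
# Allow authorized access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>
# Allow authorized access to root location
<Location />
Options FollowSymLinks
AuthUserFile "$root/conf/httpd.passwd"
Require all granted
</Location>
EOF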
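# Create password and group files
# httpd.passwd is the file auth.conf names as AuthUserFile, so it is created
# readable by its owner only: the umask covers a fresh file and the chmod
# covers one left over from an earlier run (truncating with ">" keeps the old
# mode). httpd.conf runs the server as the invoking user (User $user), who
# owns the file and can still read it.
(
    umask 077
    cat >"$root/conf/httpd.passwd" <<EOF
# Generated by: httpd-conf $*
EOF
)
chmod 600 "$root/conf/httpd.passwd"
cat >"$root/conf/httpd.groups" <<EOF
# Generated by: httpd-conf $*
EOF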
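# Generate vhost configuration
# vhost.conf holds the settings shared by every virtual host. "ProxyRequests
# Off" keeps the server from acting as a forward proxy; only reverse proxying
# is intended, as the generated comment says.
cat >"$root/conf/vhost.conf" <<EOF
# Generated by: httpd-conf $*
# Virtual host configuration
UseCanonicalName Off
# Enable HTTP reverse proxy
ProxyRequests Off
ProxyPreserveHost Off
ProxyStatus On
EOF
# svhost.conf is included by the static <VirtualHost> in httpd.conf and starts
# out as a plain include of the shared settings.
cat >"$root/conf/svhost.conf" <<EOF
# Generated by: httpd-conf $*
# Static virtual host configuration
Include conf/vhost.conf
EOF
# dvhost.conf is written with the same single include; nothing generated by
# this script references it.
cat >"$root/conf/dvhost.conf" <<EOF
# Generated by: httpd-conf $*
# Mass dynamic virtual host configuration
Include conf/vhost.conf
EOF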