From 9ee48c847f79ddea826b57392f17fdc386f7c49f Mon Sep 17 00:00:00 2001 From: Sven Gothel Date: Mon, 10 Dec 2018 07:23:17 +0100 Subject: apache2 2.4.* configuration update --- .../05-service-settings/etc/apache2/apache2.conf | 235 +++++++---------- .../etc/apache2/sites-available/000-jogamp.org | 247 ------------------ .../etc/apache2/sites-available/001-jogamp.org-ssl | 256 ------------------- .../etc/apache2/sites-available/jogamp.org | 247 ------------------ .../etc/apache2/sites-available/jogamp.org-ssl | 256 ------------------- .../apache2/sites-available/jogamp_org-ssl.conf | 281 +++++++++++++++++++++ .../etc/apache2/sites-available/jogamp_org.conf | 254 +++++++++++++++++++ 7 files changed, 628 insertions(+), 1148 deletions(-) delete mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/000-jogamp.org delete mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/001-jogamp.org-ssl delete mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org delete mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org-ssl create mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf create mode 100644 server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf (limited to 'server/setup') diff --git a/server/setup/05-service-settings/etc/apache2/apache2.conf b/server/setup/05-service-settings/etc/apache2/apache2.conf index d1991c9..42afd0b 100644 --- a/server/setup/05-service-settings/etc/apache2/apache2.conf +++ b/server/setup/05-service-settings/etc/apache2/apache2.conf @@ -1,8 +1,8 @@ # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. -# See http://httpd.apache.org/docs/2.2/ for detailed information about -# the directives and /usr/share/doc/apache2-common/README.Debian.gz about -# Debian specific hints. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. # # # Summary of how the Apache 2 configuration works in Debian: @@ -22,45 +22,30 @@ # |-- mods-enabled # | |-- *.load # | `-- *.conf -# |-- conf.d -# | `-- * +# |-- conf-enabled +# | `-- *.conf # `-- sites-enabled -# `-- * +# `-- *.conf # # # * apache2.conf is the main configuration file (this file). It puts the pieces # together by including all remaining configuration files when starting up the # web server. # -# In order to avoid conflicts with backup files, the Include directive is -# adapted to ignore files that: -# - do not begin with a letter or number -# - contain a character that is neither letter nor number nor _-:. -# - contain .dpkg -# -# Yet we strongly suggest that all configuration files either end with a -# .conf or .load suffix in the file name. The next Debian release will -# ignore files not ending with .conf (or .load for mods-enabled). -# # * ports.conf is always included from the main configuration file. It is -# supposed to determine listening ports for incoming connections, and which -# of these ports are used for name based virtual hosts. +# supposed to determine listening ports for incoming connections which can be +# customized anytime. # -# * Configuration files in the mods-enabled/ and sites-enabled/ directories -# contain particular configuration snippets which manage modules or virtual -# host configurations, respectively. +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. # # They are activated by symlinking available configuration files from their # respective *-available/ counterparts. These should be managed by using our -# helpers a2enmod/a2dismod, a2ensite/a2dissite. See +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See # their respective man pages for detailed information. # -# * Configuration files in the conf.d directory are either provided by other -# packages or may be added by the local administrator. Local additions -# should start with local- or end with .local.conf to avoid name clashes. All -# files in conf.d are considered (excluding the exceptions noted above) by -# the Apache 2 web server. -# # * The binary is called apache2. Due to the use of environment variables, in # the default configuration, apache2 needs to be started/stopped with # /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not @@ -75,8 +60,8 @@ # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at ); +# mounted filesystem then please read the Mutex documentation (available +# at ); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. @@ -86,7 +71,13 @@ # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -LockFile ${APACHE_LOCK_DIR}/accept.lock +Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} # # PidFile: The file in which the server should record its process @@ -117,113 +108,14 @@ MaxKeepAliveRequests 100 # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # -# default: 5 +#KeepAliveTimeout 5 KeepAliveTimeout 10 -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - - # defaults: - # StartServers 5 - # MinSpareServers 5 - # MaxSpareServers 10 - # MaxClients 150 - # MaxRequestsPerChild 0 - - StartServers 8 - MinSpareServers 5 - MaxSpareServers 20 - MaxClients 256 - MaxRequestsPerChild 0 - - -# worker MPM -# StartServers: initial number of server processes to start -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a -# graceful restart. ThreadLimit can only be changed by stopping -# and starting Apache. -# ThreadsPerChild: constant number of worker threads in each server process -# MaxClients: maximum number of simultaneous client connections -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 0 - - -# event MPM -# StartServers: initial number of server processes to start -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxClients: maximum number of simultaneous client connections -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 0 - - # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# - -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - Satisfy all - - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -# It is also possible to omit any default MIME type and let the -# client's browser guess an appropriate action instead. Typically the -# browser will decide based on the file's extension then. In cases -# where no good assumption can be made, letting the default MIME type -# unset is suggested instead of forcing the browser to accept -# incorrect metadata. -# -DefaultType None - - # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). @@ -243,23 +135,80 @@ HostnameLookups Off ErrorLog ${APACHE_LOG_DIR}/error.log # -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" # LogLevel warn # Include module configuration: -Include mods-enabled/*.load -Include mods-enabled/*.conf +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf -# Include list of ports to listen on and which to use for name based vhosts +# Include list of ports to listen on Include ports.conf + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + # # The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined @@ -268,10 +217,12 @@ LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # Include of directories ignores editors' and dpkg's backup files, -# see the comments above for details. +# see README.Debian for details. # Include generic snippets of statements -Include conf.d/ +IncludeOptional conf-enabled/*.conf # Include the virtual host configurations: -Include sites-enabled/ +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/000-jogamp.org b/server/setup/05-service-settings/etc/apache2/sites-available/000-jogamp.org deleted file mode 100644 index 4de7279..0000000 --- a/server/setup/05-service-settings/etc/apache2/sites-available/000-jogamp.org +++ /dev/null @@ -1,247 +0,0 @@ -# -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# - - ServerAdmin jausoft@jausoft.com - ServerName jogamp.org - ServerAlias www.jogamp.org - ServerPath /jogamp.org/ - RewriteEngine On - - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - - DocumentRoot /srv/www/jogamp.org - - # don't loose time with IP address lookups - HostnameLookups Off - - # needed for named virtual hosts - UseCanonicalName Off - - # configures the footer on server-generated documents - ServerSignature On - - - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{REQUEST_URI} ^/wiki/index.php$ - RewriteCond %{QUERY_STRING} ^title=Special:UserLogin - RewriteCond %{REQUEST_METHOD} ^GET$ - RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE] - - # - # Due to security concerns, session hijacking .. etc .. the whole - # bugzilla stream will go over https - # - RewriteCond %{REQUEST_URI} ^/bugzilla - RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE] - - SetEnv GIT_PROJECT_ROOT /srv/scm - SetEnv GIT_HTTP_EXPORT_ALL - ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ - - DirectoryIndex gitweb.cgi - Allow from all - AllowOverride all - Order allow,deny - Options ExecCGI - - SetHandler cgi-script - - SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf - - - Alias /icons/ "/srv/www/jogamp.org/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - - # - # Due to security concerns, session hijacking .. etc .. the whole - # hudson and bugzilla stream will go over https - # - RewriteCond %{REQUEST_URI} ^/chuck - RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] - - #RewriteCond %{REQUEST_URI} ^/chuck - #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE] - # - #RewriteCond %{REQUEST_URI} ^/chuck - #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR] - #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC] - #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] - # - # Cookies: - # wikidb_mw_LoggedOut / - # wikidb_mw__session / - # wikidb_mw_Token / - # wikidb_mw_UserID / - # wikidb_mw_UserName / - # - # Bugzilla_login /bugzilla - # Bugzilla_logincookie /bugzilla - # DEFAULTFORMAT /bugzilla - # - # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck - # JSESSIONID /chuck - # - - # - # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache - # - #ProxyRequests Off - #ProxyPreserveHost On - - # Local reverse proxy authorization override - # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) - # - # Order deny,allow - # Allow from all - # - #ProxyPass /chuck http://localhost:8080/chuck - #ProxyPassReverse /chuck http://localhost:8080/chuck - - - - ServerName blog.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName bugzilla.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName wiki.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName scm.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE] - - - - ServerName jogl.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName jocl.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName joal.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName demos.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName chuck.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName jogamp.com - ServerAlias *.jogamp.com - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.com-access.log combined - - RewriteEngine On - RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - -# -# Directives to allow use of AWStats as a CGI -# -#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" -#Alias /awstatscss "/usr/local/awstats/wwwroot/css/" -#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" -#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" - -# -# This is to permit URL access to scripts/files in AWStats directory. -# - - Options None - AllowOverride None - Order allow,deny - Allow from all - - diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/001-jogamp.org-ssl b/server/setup/05-service-settings/etc/apache2/sites-available/001-jogamp.org-ssl deleted file mode 100644 index 062d2d5..0000000 --- a/server/setup/05-service-settings/etc/apache2/sites-available/001-jogamp.org-ssl +++ /dev/null @@ -1,256 +0,0 @@ - - - - # General setup for the virtual host, inherited from global configuration - ServerName jogamp.org - ServerPath /jogamp.org/ - RewriteEngine On - DocumentRoot /srv/www/jogamp.org - - # Use separate log files for the SSL virtual host; note that LogLevel - # is not inherited from httpd.conf. - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log - TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log - LogLevel warn - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # SSL Protocol support: - # List the enable protocol levels with which clients will be able to - # connect. Disable SSLv2 access by default: - SSLProtocol all -SSLv2 - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem - SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - # Per-Server Logging: - # The home of a custom SSL log file. Use this when you want a - # compact non-error SSL logfile on a virtual host basis. - CustomLog /var/log/apache2/jogamp.org-ssl-request.log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined - - # configures the footer on server-generated documents - ServerSignature On - - - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - -# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla" - - AddHandler cgi-script .cgi - Options +Indexes +ExecCGI -MultiViews +FollowSymLinks - DirectoryIndex index.cgi - AllowOverride Limit FileInfo Indexes - - - SetEnv GIT_PROJECT_ROOT /srv/scm - SetEnv GIT_HTTP_EXPORT_ALL - ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ - - DirectoryIndex gitweb.cgi - Allow from all - AllowOverride all - Order allow,deny - Options ExecCGI - - SetHandler cgi-script - - SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf - - - Alias /icons/ "/srv/www/jogamp.org/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - - # - # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache - # - ProxyRequests Off - ProxyPreserveHost On - - # Local reverse proxy authorization override - # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) - - Order deny,allow - Allow from all - - - ProxyPass /chuck http://127.0.0.1:8080/chuck - ProxyPassReverse /chuck http://127.0.0.1:8080/chuck - ProxyPassReverse /chuck http://jogamp.org/chuck - -# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/ -# -# ProxyPassReverse / -# Order deny,allow -# Allow from all -# - Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/ - - - - - ServerName jogamp.com - ServerAlias *.jogamp.com - ServerPath /jogamp.org/ - SSLEngine on - ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined - - SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem - SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem - - RewriteEngine On - RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] - - diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org deleted file mode 100644 index f9101fa..0000000 --- a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org +++ /dev/null @@ -1,247 +0,0 @@ -# -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# - - ServerAdmin jausoft@jausoft.com - ServerName jogamp.org - ServerAlias www.jogamp.org - ServerPath /jogamp.org/ - RewriteEngine On - - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - - DocumentRoot /srv/www/jogamp.org - - # don't loose time with IP address lookups - HostnameLookups Off - - # needed for named virtual hosts - UseCanonicalName Off - - # configures the footer on server-generated documents - ServerSignature On - - - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{REQUEST_URI} ^/wiki/index.php$ - RewriteCond %{QUERY_STRING} ^title=Special:UserLogin - RewriteCond %{REQUEST_METHOD} ^GET$ - RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE] - - # - # Due to security concerns, session hijacking .. etc .. the whole - # bugzilla stream will go over https - # - RewriteCond %{REQUEST_URI} ^/bugzilla - RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE] - - SetEnv GIT_PROJECT_ROOT /srv/scm - SetEnv GIT_HTTP_EXPORT_ALL - ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ - - DirectoryIndex gitweb.cgi - Allow from all - AllowOverride all - Order allow,deny - Options ExecCGI - - SetHandler cgi-script - - SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf - - - Alias /icons/ "/srv/www/jogamp.org/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - - # - # Due to security concerns, session hijacking .. etc .. the whole - # hudson and bugzilla stream will go over https - # - RewriteCond %{REQUEST_URI} ^/chuck - RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] - - #RewriteCond %{REQUEST_URI} ^/chuck - #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE] - # - #RewriteCond %{REQUEST_URI} ^/chuck - #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR] - #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC] - #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] - # - # Cookies: - # wikidb_mw_LoggedOut / - # wikidb_mw__session / - # wikidb_mw_Token / - # wikidb_mw_UserID / - # wikidb_mw_UserName / - # - # Bugzilla_login /bugzilla - # Bugzilla_logincookie /bugzilla - # DEFAULTFORMAT /bugzilla - # - # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck - # JSESSIONID /chuck - # - - # - # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache - # - #ProxyRequests Off - #ProxyPreserveHost On - - # Local reverse proxy authorization override - # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) - # - # Order deny,allow - # Allow from all - # - #ProxyPass /chuck http://localhost:8080/chuck - #ProxyPassReverse /chuck http://localhost:8080/chuck - - - - ServerName blog.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName bugzilla.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName wiki.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName scm.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE] - - - - ServerName jogl.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName jocl.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName joal.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] - - - - ServerName demos.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName chuck.jogamp.org - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined - RewriteEngine On - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - - - ServerName jogamp.com - ServerAlias *.jogamp.com - ServerPath /jogamp.org/ - ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log - CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined - - RewriteEngine On - RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] - RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] - - -# -# Directives to allow use of AWStats as a CGI -# -#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" -#Alias /awstatscss "/usr/local/awstats/wwwroot/css/" -#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" -#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" - -# -# This is to permit URL access to scripts/files in AWStats directory. -# - - Options None - AllowOverride None - Order allow,deny - Allow from all - - diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org-ssl b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org-ssl deleted file mode 100644 index 062d2d5..0000000 --- a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp.org-ssl +++ /dev/null @@ -1,256 +0,0 @@ - - - - # General setup for the virtual host, inherited from global configuration - ServerName jogamp.org - ServerPath /jogamp.org/ - RewriteEngine On - DocumentRoot /srv/www/jogamp.org - - # Use separate log files for the SSL virtual host; note that LogLevel - # is not inherited from httpd.conf. - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log - TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log - LogLevel warn - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # SSL Protocol support: - # List the enable protocol levels with which clients will be able to - # connect. Disable SSLv2 access by default: - SSLProtocol all -SSLv2 - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem - SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - # Per-Server Logging: - # The home of a custom SSL log file. Use this when you want a - # compact non-error SSL logfile on a virtual host basis. - CustomLog /var/log/apache2/jogamp.org-ssl-request.log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined - - # configures the footer on server-generated documents - ServerSignature On - - - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - -# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla" - - AddHandler cgi-script .cgi - Options +Indexes +ExecCGI -MultiViews +FollowSymLinks - DirectoryIndex index.cgi - AllowOverride Limit FileInfo Indexes - - - SetEnv GIT_PROJECT_ROOT /srv/scm - SetEnv GIT_HTTP_EXPORT_ALL - ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ - - DirectoryIndex gitweb.cgi - Allow from all - AllowOverride all - Order allow,deny - Options ExecCGI - - SetHandler cgi-script - - SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf - - - Alias /icons/ "/srv/www/jogamp.org/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - - # - # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache - # - ProxyRequests Off - ProxyPreserveHost On - - # Local reverse proxy authorization override - # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) - - Order deny,allow - Allow from all - - - ProxyPass /chuck http://127.0.0.1:8080/chuck - ProxyPassReverse /chuck http://127.0.0.1:8080/chuck - ProxyPassReverse /chuck http://jogamp.org/chuck - -# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/ -# -# ProxyPassReverse / -# Order deny,allow -# Allow from all -# - Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/ - - - - - ServerName jogamp.com - ServerAlias *.jogamp.com - ServerPath /jogamp.org/ - SSLEngine on - ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log - CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined - - SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem - SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem - - RewriteEngine On - RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] - - RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] - RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] - - diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf new file mode 100644 index 0000000..5bdcbf9 --- /dev/null +++ b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf @@ -0,0 +1,281 @@ + + + + # General setup for the virtual host, inherited from global configuration + ServerName jogamp.org + ServerPath /jogamp.org/ + RewriteEngine On + DocumentRoot /srv/www/jogamp.org + + # Use separate log files for the SSL virtual host; note that LogLevel + # is not inherited from httpd.conf. + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log + TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log + LogLevel warn + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # SSL Protocol support: + # List the enable protocol levels with which clients will be able to + # connect. Disable SSLv2 access by default: + SSLProtocol all -SSLv2 + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + # LOW: SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + # Enable only secure ciphers: + #SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + + #SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK + #SSLCipherSuite DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK + SSLCipherSuite DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA::HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK + SSLHonorCipherOrder on + + SetEnv no-gzip + + # Add content to the 1st file of SSLCertificateFile + # /etc/ssl/local/DH-1024.pem + # See https://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + SSLCertificateFile /etc/ssl/local/jogamp2016b-hostcert.pem + SSLCertificateKeyFile /etc/ssl/local/jogamp2016b-hostkey.apache.pem + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + #SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem + #SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert3-20151105.pem + SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert4-20171102.pem + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # Access Control: + # With SSLRequire you can do per-directory access control based + # on arbitrary complex boolean expressions containing server + # variable checks and other lookup directives. The syntax is a + # mixture between C and Perl. See the mod_ssl documentation + # for more details. + # + #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + # + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + # Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a + # compact non-error SSL logfile on a virtual host basis. + CustomLog /var/log/apache2/jogamp.org-ssl-request.log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined + + # configures the footer on server-generated documents + ServerSignature On + + + Options Indexes FollowSymLinks + AllowOverride All + #Order allow,deny + #Allow from all + Require all granted + + +# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla" + + #PerlSwitches -w -T + #PerlConfigRequire /srv/www/jogamp.org/bugzilla/mod_perl.pl + + AddHandler cgi-script .cgi + Options +Indexes +ExecCGI -MultiViews +FollowSymLinks + DirectoryIndex index.cgi index.html + AllowOverride Limit FileInfo AuthConfig Indexes Options + + + SetEnv GIT_PROJECT_ROOT /srv/scm + SetEnv GIT_HTTP_EXPORT_ALL + ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ + + DirectoryIndex gitweb.cgi + AllowOverride all + #Order allow,deny + #Allow from all + Require all granted + Options ExecCGI + + SetHandler cgi-script + + SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf + + + Alias /icons/ "/srv/www/jogamp.org/icons/" + + + Options Indexes MultiViews + AllowOverride None + #Order allow,deny + #Allow from all + Require all granted + + + # + # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache + # + ProxyRequests Off + ProxyPreserveHost On + + # Local reverse proxy authorization override + # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) + + #Order deny,allow + #Allow from all + #Require all denied + Require all granted + + + ProxyPass /chuck http://127.0.0.1:8080/chuck + ProxyPassReverse /chuck http://127.0.0.1:8080/chuck + ProxyPassReverse /chuck http://jogamp.org/chuck + +# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/ +# +# ProxyPassReverse / +# #Order deny,allow +# #Allow from all +# Require all denied +# + Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/ + + + + + ServerName jogamp.com + ServerAlias *.jogamp.com + ServerPath /jogamp.org/ + SSLEngine on + ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined + + SSLCertificateFile /etc/ssl/local/jogamp2016a-hostcert.pem + SSLCertificateKeyFile /etc/ssl/local/jogamp2016a-hostkey.apache.pem + SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert3-20151105.pem + + RewriteEngine On + RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] + RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] + + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] + RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] + + RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] + RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] + + diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf new file mode 100644 index 0000000..f40a8eb --- /dev/null +++ b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf @@ -0,0 +1,254 @@ +# +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# + + ServerAdmin jausoft@jausoft.com + ServerName jogamp.org + ServerAlias www.jogamp.org + ServerPath /jogamp.org/ + RewriteEngine On + + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + + DocumentRoot /srv/www/jogamp.org + + # don't loose time with IP address lookups + HostnameLookups Off + + # needed for named virtual hosts + UseCanonicalName Off + + # configures the footer on server-generated documents + ServerSignature On + + + Options Indexes FollowSymLinks + AllowOverride All + #Order allow,deny + #Allow from all + Require all granted + + + RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] + + #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] + + RewriteCond %{REQUEST_URI} ^/wiki/index.php$ + RewriteCond %{QUERY_STRING} ^title=Special:UserLogin + RewriteCond %{REQUEST_METHOD} ^GET$ + RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE] + + # + # Due to security concerns, session hijacking .. etc .. the whole + # bugzilla stream will go over https + # + RewriteCond %{REQUEST_URI} ^/bugzilla + RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE] + + SetEnv GIT_PROJECT_ROOT /srv/scm + SetEnv GIT_HTTP_EXPORT_ALL + ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ + + DirectoryIndex gitweb.cgi + AllowOverride all + #Order allow,deny + #Allow from all + Require all granted + Options ExecCGI + + SetHandler cgi-script + + SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf + + + Alias /icons/ "/srv/www/jogamp.org/icons/" + + + Options Indexes MultiViews + AllowOverride None + #Order allow,deny + #Allow from all + Require all granted + + + # + # Due to security concerns, session hijacking .. etc .. the whole + # hudson and bugzilla stream will go over https + # + RewriteCond %{REQUEST_URI} ^/chuck + RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] + + #RewriteCond %{REQUEST_URI} ^/chuck + #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE] + # + #RewriteCond %{REQUEST_URI} ^/chuck + #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR] + #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC] + #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] + # + # Cookies: + # wikidb_mw_LoggedOut / + # wikidb_mw__session / + # wikidb_mw_Token / + # wikidb_mw_UserID / + # wikidb_mw_UserName / + # + # Bugzilla_login /bugzilla + # Bugzilla_logincookie /bugzilla + # DEFAULTFORMAT /bugzilla + # + # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck + # JSESSIONID /chuck + # + + # + # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache + # + #ProxyRequests Off + #ProxyPreserveHost On + + # Local reverse proxy authorization override + # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) + # + # #Order deny,allow + # #Allow from all + # Require all denied + # #Require all denied + # Require all granted + # + #ProxyPass /chuck http://localhost:8080/chuck + #ProxyPassReverse /chuck http://localhost:8080/chuck + + + + ServerName blog.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] + + + + ServerName bugzilla.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] + + + + ServerName wiki.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] + + + + ServerName scm.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE] + + + + ServerName jogl.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] + + + + ServerName jocl.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] + + + + ServerName joal.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] + + + + ServerName demos.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] + + + + ServerName chuck.jogamp.org + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.org-access.log combined + RewriteEngine On + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] + RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] + + + + ServerName jogamp.com + ServerAlias *.jogamp.com + ServerPath /jogamp.org/ + ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error.log + CustomLog ${APACHE_LOG_DIR}/jogamp.com-access.log combined + + RewriteEngine On + RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] + + RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] + + RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] + RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] + + +# +# Directives to allow use of AWStats as a CGI +# +#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" +#Alias /awstatscss "/usr/local/awstats/wwwroot/css/" +#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" +#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" + +# +# This is to permit URL access to scripts/files in AWStats directory. +# + + Options None + AllowOverride None + #Order allow,deny + #Allow from all + Require all granted + + -- cgit v1.2.3