166 lines
5.4 KiB
ApacheConf
166 lines
5.4 KiB
ApacheConf
#
|
|
# This is the main Apache HTTP server configuration file. It contains the
|
|
# configuration directives that give the server its instructions.
|
|
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
|
|
# In particular, see
|
|
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
|
|
# for a discussion of each configuration directive.
|
|
#
|
|
# Do NOT simply read the instructions in here without understanding
|
|
# what they do. They're here only as hints or reminders. If you are unsure
|
|
# consult the online docs. You have been warned.
|
|
#
|
|
# Configuration and logfile names: If the filenames you specify for many
|
|
# of the server's control files begin with "/" (or "drive:/" for Win32), the
|
|
# server will use that explicit path. If the filenames do *not* begin
|
|
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
|
|
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
|
|
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
|
|
# will be interpreted as '/logs/access_log'.
|
|
|
|
#
|
|
# ServerRoot: The top of the directory tree under which the server's
|
|
# configuration, error, and log files are kept.
|
|
#
|
|
# Do not add a slash at the end of the directory path. If you point
|
|
# ServerRoot at a non-local disk, be sure to specify a local disk on the
|
|
# Mutex directive, if file-based mutexes are used. If you wish to share the
|
|
# same ServerRoot for multiple httpd daemons, you will need to change at
|
|
# least PidFile.
|
|
#
|
|
ServerRoot "/usr/local/apache2"
|
|
|
|
#
|
|
# Mutex: Allows you to set the mutex mechanism and mutex file directory
|
|
# for individual mutexes, or change the global defaults
|
|
#
|
|
# Uncomment and change the directory if mutexes are file-based and the default
|
|
# mutex file directory is not on a local disk or is not appropriate for some
|
|
# other reason.
|
|
#
|
|
# Mutex default:logs
|
|
|
|
#
|
|
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
|
# ports, instead of the default. See also the <VirtualHost>
|
|
# directive.
|
|
#
|
|
# Change this to Listen on specific IP addresses as shown below to
|
|
# prevent Apache from glomming onto all bound IP addresses.
|
|
#
|
|
#Listen 12.34.56.78:80
|
|
Listen 9092
|
|
|
|
#
|
|
# Dynamic Shared Object (DSO) Support
|
|
#
|
|
# To be able to use the functionality of a module which was built as a DSO you
|
|
# have to place corresponding `LoadModule' lines at this location so the
|
|
# directives contained in it are actually available _before_ they are used.
|
|
# Statically compiled modules (those listed by `httpd -l') do not need
|
|
# to be loaded here.
|
|
#
|
|
# Example:
|
|
# LoadModule foo_module modules/mod_foo.so
|
|
#
|
|
|
|
LoadModule mpm_event_module modules/mod_mpm_event.so
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
LoadModule proxy_module modules/mod_proxy.so
|
|
LoadModule proxy_connect_module modules/mod_proxy_connect.so
|
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
LoadModule unixd_module modules/mod_unixd.so
|
|
|
|
<IfModule unixd_module>
|
|
User www-data
|
|
Group www-data
|
|
</IfModule>
|
|
|
|
|
|
ServerAdmin you@example.com
|
|
|
|
ServerName forward-proxy
|
|
|
|
ErrorLog /proc/self/fd/2
|
|
|
|
LogLevel warn
|
|
|
|
<IfModule log_config_module>
|
|
#
|
|
# The following directives define some format nicknames for use with
|
|
# a CustomLog directive (see below).
|
|
#
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
|
|
<IfModule logio_module>
|
|
# You need to enable mod_logio.c to use %I and %O
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
|
</IfModule>
|
|
|
|
#
|
|
# The location and format of the access logfile (Common Logfile Format).
|
|
# If you do not define any access logfiles within a <VirtualHost>
|
|
# container, they will be logged here. Contrariwise, if you *do*
|
|
# define per-<VirtualHost> access logfiles, transactions will be
|
|
# logged therein and *not* in this file.
|
|
#
|
|
CustomLog logs/access_log common
|
|
|
|
#
|
|
# If you prefer a logfile with access, agent, and referer information
|
|
# (Combined Logfile Format) you can use the following directive.
|
|
#
|
|
#CustomLog "logs/access_log" combined
|
|
</IfModule>
|
|
|
|
<IfModule proxy_module>
|
|
ProxyRequests On
|
|
ProxyVia On
|
|
<Proxy *>
|
|
Allow from all
|
|
</Proxy>
|
|
</IfModule>
|
|
|
|
|
|
<VirtualHost *:9092>
|
|
# SSLEngine on
|
|
# SSLCertificateKeyFile /usr/local/apache2/conf/server_forward-proxy_key.pem
|
|
# SSLCertificateFile /usr/local/apache2/conf/server_forward-proxy_certificate.pem
|
|
# SSLCertificateChainFile /usr/local/apache2/conf/ca_keycloak_certificate.pem
|
|
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
|
# SSLProxyVerify none
|
|
AllowCONNECT 8443
|
|
|
|
# SSLProxyEngine On
|
|
|
|
# SSLProxyVerify none
|
|
# SSLProxyCheckPeerCN off
|
|
# SSLProxyCheckPeerName off
|
|
# SSLProxyCheckPeerExpire off
|
|
# SSLProxyProtocol +TLSv1.2
|
|
|
|
ProxyRequests On
|
|
ProxyVia On
|
|
LogLevel debug
|
|
ErrorLog /dev/stderr
|
|
CustomLog /dev/stdout combined
|
|
|
|
<Proxy "*">
|
|
Allow from all
|
|
AuthType Basic
|
|
AuthName "Restricted Site"
|
|
AuthBasicProvider file
|
|
AuthUserFile /usr/local/apache2/conf/.htpasswd
|
|
Require valid-user
|
|
|
|
</Proxy>
|
|
</VirtualHost>
|