# # This file is managed by Salt! Do not edit by hand # # # /etc/apache2/httpd.conf # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See for detailed information about # the directives. # Based upon the default apache configuration file that ships with apache, # which is based upon the NCSA server configuration files originally by Rob # McCool. This file was knocked together by Peter Poeml . # If possible, avoid changes to this file. It does mainly contain Include # statements and global settings that can/should be overridden in the # configuration of your virtual hosts. # Quickstart guide: # http://en.opensuse.org/SDB:Apache_installation # Overview of include files, chronologically: # # httpd.conf # | # |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under # |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) # |-- loadmodule.conf . . . . . . . . . . . [*] load these modules # |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on # |-- mod_log_config.conf . . . . . . . . . define logging formats # |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings # |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) # |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info # |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests # |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active # |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking # |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings # |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration # |-- errors.conf . . . . . . . . . . . . . customize error responses # |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts # | # |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests # | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) # | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) # | # `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here # `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) # # # Files marked [*] are NOT read when server is started via systemd service. When server # is started via service, defaults from /etc/sysconfig/apache2 are taken into account. # # Filesystem layout: # # /etc/apache2/ # |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap # |-- conf.d/ # | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc # | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 # | `-- ... . . . . . . . . . . . . . . . other configuration added by packages # |-- default-server.conf # |-- errors.conf # |-- httpd.conf . . . . . . . . . . . . . top level configuration file # |-- listen.conf # |-- magic # |-- mime.types -> ../mime.types # |-- mod_autoindex-defaults.conf # |-- mod_info.conf # |-- mod_log_config.conf # |-- mod_mime-defaults.conf # |-- mod_perl-startup.pl # |-- mod_status.conf # |-- mod_userdir.conf # |-- mod_usertrack.conf # |-- server-tuning.conf # |-- ssl-global.conf # |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) # |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates # |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests # |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys # |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files # |-- global.conf # |-- loadmodule.conf # |-- uid.conf # `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here # |-- vhost-ssl.template # `-- vhost.template ### Global Environment ###################################################### # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests. # run under this user/group id Include /etc/apache2/uid.conf # - how many server processes to start (server pool regulation) # - usage of KeepAlive Include /etc/apache2/server-tuning.conf # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. ErrorLog /var/log/apache2/error_log # generated from default value of APACHE_MODULES in /etc/sysconfig/apache2 Include /etc/apache2/loadmodule.conf # IP addresses / ports to listen on Include /etc/apache2/listen.conf # predefined logging formats Include /etc/apache2/mod_log_config.conf # generated from default values of global settings in /etc/sysconfig/apache2 Include /etc/apache2/global.conf # optional mod_status, mod_info Include /etc/apache2/mod_status.conf Include /etc/apache2/mod_info.conf # mod_reqtimeout protects the server from the so-called "slowloris" # attack: The server is not swamped with requests in fast succession, # but with slowly transmitted request headers and body, thereby filling up # the request slots until the server runs out of them. # mod_reqtimeout is lightweight and should deliver good results # with the configured default values. You shouldn't notice it at all. Include /etc/apache2/mod_reqtimeout.conf # Fix for CVE-2014-0231 introduces new configuration parameter # CGIDScriptTimeout. This directive and its effect prevent request # workers to be eaten until starvation if cgi programs do not send # output back to the server within the timout set by CGIDScriptTimeout. Include /etc/apache2/mod_cgid-timeout.conf # optional cookie-based user tracking # read the documentation before using it!! Include /etc/apache2/mod_usertrack.conf # configuration of server-generated directory listings Include /etc/apache2/mod_autoindex-defaults.conf # associate MIME types with filename extensions TypesConfig /etc/apache2/mime.types Include /etc/apache2/mod_mime-defaults.conf # set up (customizable) error responses Include /etc/apache2/errors.conf # global (server-wide) SSL configuration, that is not specific to # any virtual host Include /etc/apache2/ssl-global.conf {% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) -%} Include /etc/apache24/conf.d/tls-defaults.conf {%- endif %} # forbid access to the entire filesystem by default Options None AllowOverride None Require all denied Order deny,allow Deny from all # use .htaccess files for overriding, AccessFileName .htaccess # and never show them Require all denied Order allow,deny Deny from all # List of resources to look for when the client requests a directory DirectoryIndex index.html index.html.var ### 'Main' server configuration ############################################# # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # definition. These values also provide defaults for # any containers you may define later in the file. # # All of these directives may appear inside containers, # in which case these default settings will be overridden for the # virtual host being defined. # Include /etc/apache2/default-server.conf ### Virtual server configuration ############################################ # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # IncludeOptional /etc/apache2/vhosts.d/*.conf # Note: instead of adding your own configuration here, consider # adding it in your own file (/etc/apache2/httpd.conf.local) # putting its name into APACHE_CONF_INCLUDE_FILES in # /etc/sysconfig/apache2 -- this will make system updates # easier :)