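# IIAB Schoolserver supplement to the main Apache server configuration
# file (conf/httpd.conf). Only directives specific to IIAB live here.
#
# Some choices are subjective; in general, directives still valid in
# Apache 2.4 are kept when they override something in conf/httpd.conf.
#

### Section 1: Global Environment
#
# Directives here affect Apache's overall operation, such as how many
# concurrent requests it can handle or where it finds its configuration
# files.
#

#
# Memory tier selection. Ansible renders at most one "define" below from
# ansible_memtotal_mb; the <IfDefine> sections in this file use it to pick
# the prefork pool sizes.
#
# The second range starts at ">= 512" so that a host reporting exactly
# 512 MB still gets a tier (the earlier "> 512" test skipped that value).
#
# NOTE(review): nothing visible in this template defines MEM1024m or
# MEM2048m, so the <IfDefine MEM1024m> and <IfDefine MEM2048m> sections
# are never selected from here and hosts with 1000 MB or more get no
# prefork limits from this file. Confirm whether that is intended.
{% if ansible_memtotal_mb < 512 %}
define MEM256m
{% endif %}
{% if ansible_memtotal_mb >= 512 and ansible_memtotal_mb < 1000 %}
define MEM512m
{% endif %}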
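#
# ServerTokens: limits what the "Server:" response header discloses.
# "Prod" sends only the product name. The previous value, "OS", hid the
# optional modules but still sent the Apache version and the
# operating-system type, which tells remote clients exactly which release
# is running. Switch back to "OS" or "Full" only if that detail is needed
# for support.
#
ServerTokens Prod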
#
# PidFile: path of the file where the server writes its process ID
# when it starts.
#
# PidFile run/httpd.pid - this must be legacy
# 2.4 default is /run/httpd/httpd.pid

#
# Timeout: seconds to wait before a receive or a send times out.
#
# Timeout 120
#
# 2020-01-15: "Timeout 120" above is commented out on purpose, deferring to
# the Apache default "Timeout 300" as set in:
#    /etc/apache2/apache2.conf
# This mitigates the worst of the Kiwix search timeouts.
# The NGINX default "proxy_read_timeout 60s;" should be raised soon as well, within:
#    /etc/nginx/nginx.conf OR...
#    /etc/nginx/server.conf OR...
#    /etc/nginx/proxy_params AND POSSIBLY ALSO...
#    /etc/nginx/conf.d/kiwix-nginx.conf
# These 2 NGINX defaults might also need changing on overtaxed IIAB servers:
#    proxy_connect_timeout 60s; # time to answer the door bell
#    proxy_send_timeout 60s; # time to accept the request
# Background on this ongoing Kiwix problem:
#    https://github.com/iiab/iiab/pull/2063
#    https://github.com/kiwix/kiwix-tools/issues/345
#
# Trade-off: a longer Timeout also lets a slow or stalled client hold a
# worker for longer, which matters with the small prefork pools this file
# configures for low-memory hosts.

#
# KeepAlive: allow persistent connections (more than one request per
# connection). "Off" deactivates them.
#
KeepAlive On

#
# MaxKeepAliveRequests: most requests allowed on one persistent
# connection; 0 means unlimited.
# NOTE(review): the stock advice is to keep this number high for
# performance, yet the value set here is 10. Presumably that is deliberate
# for small servers; confirm.
#
MaxKeepAliveRequests 10

#
# KeepAliveTimeout: seconds to wait for the next request from the same
# client on the same connection.
#
KeepAliveTimeout 1
##
## Server-pool sizing (MPM specific)
##

# prefork MPM
#   StartServers        - server processes launched at startup
#   MinSpareServers     - fewest idle server processes to keep
#   MaxSpareServers     - most idle server processes to keep
#   ServerLimit         - ceiling for MaxClients over the server's lifetime
#   MaxClients          - most server processes allowed to start
#   MaxRequestsPerChild - most requests one server process serves
#
# Exactly one tier applies, chosen by the "define MEMxxx" line rendered
# near the top of this file. Only MEM256m and MEM512m are defined there;
# no define for MEM1024m or MEM2048m is visible in this template, so the
# last two tiers look unreachable (TODO confirm).
<IfModule prefork.c>

    <IfDefine MEM256m>
        # Keep MaxClients matched to Pg

        StartServers 4
        MinSpareServers 1
        MaxSpareServers 2
        ServerLimit 12
        MaxClients 12
        MaxRequestsPerChild 10
    </IfDefine>

    <IfDefine MEM512m>
        # Keep MaxClients matched to Pg
        StartServers 4
        MinSpareServers 1
        MaxSpareServers 4
        ServerLimit 25
        MaxClients 25
        MaxRequestsPerChild 20
    </IfDefine>

    <IfDefine MEM1024m>
        # Keep MaxClients matched to Pg
        StartServers 4
        MinSpareServers 2
        MaxSpareServers 4
        ServerLimit 42
        MaxClients 42
        MaxRequestsPerChild 30
    </IfDefine>

    <IfDefine MEM2048m>
        # Keep MaxClients matched to Pg
        StartServers 4
        MinSpareServers 2
        MaxSpareServers 6
        ServerLimit 55
        MaxClients 55
        MaxRequestsPerChild 50
    </IfDefine>


</IfModule>

# worker MPM
#   StartServers        - server processes launched at startup
#   MaxClients          - most simultaneous client connections
#   MinSpareThreads     - fewest idle worker threads to keep
#   MaxSpareThreads     - most idle worker threads to keep
#   ThreadsPerChild     - fixed number of worker threads per server process
#   MaxRequestsPerChild - most requests one server process serves
<IfModule worker.c>
    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0
</IfModule>
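#
# Listen: take default
#

### Section 2: 'Main' server configuration
#
# Values used by the 'main' server, which answers any request that is not
# handled by a <VirtualHost> definition. They also act as defaults for any
# <VirtualHost> containers defined later in the file.

ServerName {{ iiab_hostname }}

#
# UseCanonicalName: how Apache builds self-referencing URLs and the
# SERVER_NAME and SERVER_PORT variables. "Off" uses the hostname and port
# supplied by the client; "On" uses the value of the ServerName directive.
# With "Off", SERVER_NAME is a client-supplied value, so applications
# behind this server should not treat it as trusted.
#
UseCanonicalName Off

#
# DocumentRoot: this is the default, but the directive is kept so the
# location does not move in some future version.
#
DocumentRoot "{{ doc_root }}"

#
# Each directory Apache can reach may be configured for which services and
# features are allowed or disabled in it (and its subdirectories).
#
# The default for the whole filesystem is restrictive: no access and no
# .htaccess overrides. Directories that should be served are opened by
# their own <Directory> section with "Require all granted".
# "Require all denied" is stated here so the default-deny does not depend
# on the main configuration file supplying it.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

# Port-80 site for the IIAB hostname. "Indexes" turns on generated
# directory listings for any directory under the document root that has
# no index file, so everything placed there is browsable.
<VirtualHost *:80>
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerName {{ iiab_hostname }}
    ServerAlias {{ iiab_hostname }}.{{ iiab_domain }}
    <Directory "{{ doc_root }}">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>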
#
# UserDir: the directory name appended to a user's home directory when a
# ~user request is received.
#

<IfModule mod_userdir.c>
    #
    # Disabled by default: depending on home directory permissions, a
    # /~user/ request can confirm that a username exists on the system.
    #
    UserDir disable

    #
    # To serve each user's public_html directory for /~user/ requests,
    # remove the "UserDir disable" line above and uncomment the line below:
    #
    #UserDir public_html

</IfModule>
#
# DirectoryIndex: the file Apache serves when a directory is requested.
#
# index.html.var is a type-map used to deliver content-negotiated
# documents. The MultiViews option can do the same job, but much slower.
#
# IIAB has both multiview and .var strategies

DirectoryIndex index.html index.html.var

#
# AccessFileName: name of the per-directory file searched for additional
# configuration directives. See also the AllowOverride directive.
#
# is this still needed
# (Every <Directory> section visible in this file sets
# "AllowOverride None", which makes Apache ignore these files there.)
#
AccessFileName .htaccess

#
# Keep .htaccess and .htpasswd files from being viewed by Web clients:
# any file whose name starts with ".ht" is denied.
#
<Files ~ "^\.ht">
    Require all denied
</Files>
#
# HostnameLookups: log client names or only their IP addresses,
# e.g. www.apache.org (on) or 204.62.129.132 (off).
# Off is the default because enabling it means each client request
# causes AT LEAST one lookup request to the nameserver; it is better for
# the net if people have to turn this on knowingly.
#
HostnameLookups Off

#
# Not sure what this does or if the syntax is correct
# this should be in moodle conf
#
# NOTE(review): no "LogFormat ... moodleformat" is visible in this part of
# the file. If that nickname is not defined elsewhere, Apache takes
# "moodleformat" as the literal format string - confirm before relying on
# this log.
#
<IfModule log_config_module>
    CustomLog /var/log/moodle_access_log moodleformat
</IfModule>
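#
# ServerSignature: optional footer line with the server version and
# virtual host name on server-generated pages (internal error documents,
# FTP directory listings, mod_status and mod_info output etc., but not CGI
# generated documents or custom error documents).
# "EMail" also includes a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
# Off: with "On", every error page and generated directory listing printed
# the server version, which is version disclosure with no benefit to
# clients.
#
ServerSignature Off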
#
# Aliases: add as many as needed (no limit). The format is
#   Alias fakename realname
#
# A trailing / on fakename is required in the URL too, so "/icons" is not
# aliased in this example, only "/icons/". A slash-terminated fakename
# needs a slash-terminated realname, and a fakename without the trailing
# slash needs a realname without it.
#
# The /icons/ alias serves FancyIndexed directory listings. If you do not
# use FancyIndexing, you may comment this out.
#
# NOTE(review): other paths in this file (/var/log/apache2) point at a
# Debian-style layout, while this directory is the Red Hat-style
# location - confirm it exists on the target host.
#
Alias /icons/ "/usr/share/httpd/icons/"

<Directory "/usr/share/httpd/icons">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
#
# WebDAV module configuration section.
#
<IfModule mod_dav_fs.c>
    # Where the WebDAV lock database is kept.
    DAVLockDB /var/lib/dav/lockdb
</IfModule>
#
# ScriptAlias: selects which directories contain server scripts.
# A ScriptAlias works like an Alias, except that documents in the realname
# directory are treated as applications and run by the server when
# requested, instead of being sent to the client as documents.
# The trailing "/" rules for Alias apply to ScriptAlias as well.
#
ScriptAlias /cgi-bin/ "{{ doc_base }}/cgi-bin/"

#
# "/var/www/cgi-bin" should be changed to wherever your ScriptAliased
# CGI directory exists, if you have that configured.
#
# "Require all granted" lets every client that can reach the server run
# whatever is placed in this directory, so it should be writable by
# administrators only.
#
<Directory "{{ doc_base }}/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
#
# Redirect tells clients about documents that used to exist in your
# server's namespace but no longer do, and where to look for the
# relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar

#
# Directives controlling the display of server-generated directory listings.
#

#
# IndexOptions: appearance of server-generated directory listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

#
# AddIcon* directives choose the icon shown for a file or filename
# extension. Icons appear only in FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

#
# DefaultIcon: icon for files that have no icon explicitly set.
#
DefaultIcon /icons/unknown.gif

#
# AddDescription puts a short description after a file in
# server-generated indexes. Shown only in FancyIndexed directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

#
# ReadmeName: the README file the server looks for by default and appends
# to directory listings.
#
# HeaderName: a file whose content is prepended to directory indexes.
ReadmeName README.html
HeaderName HEADER.html

#
# IndexIgnore: filenames that directory indexing leaves out of the
# listing. Shell-style wildcards are permitted. This only hides entries
# from the listing; it is not an access control.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# DefaultLanguage and AddLanguage specify the language of a document, so
# that content negotiation can give a browser a file in a language the
# user can understand.
#
# A default language marks all data sent without a specific language tag
# (see below). You probably do NOT want to set one unless you are sure it
# is correct for all cases.
#
#   * It is generally better to not mark a page as
#   * being a certain language than marking it with the wrong
#   * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix need not equal the language keyword --- for
# documents in Polish (net-standard language code pl), "AddLanguage pl .po"
# avoids the ambiguity with the common suffix for perl scripts.
#
# Note 2: The entries below show that the two character 'Language'
# abbreviation sometimes differs from the two character 'Country' code
# for its country, e.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: 'ltz' violates the RFC by using a three char specifier. There is
# 'work in progress' to fix this and get the reference data for rfc1766
# cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portuguese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hi .hi
AddLanguage ht .ht
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage ne .ne
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

# Both values below come from the Ansible variables default_language and
# language_priority; despite the caution above, this template does set a
# default language.
DefaultLanguage {{ default_language }}
LanguagePriority {{ language_priority }}
ForceLanguagePriority Fallback
#
# For type maps (negotiated resources):
# (Enabled by default so the Apache "It Worked" page can be distributed
# in multiple languages.)
#
AddHandler type-map var

#
# Putting this all together, error responses can be internationalized.
#
# Alias redirects any /error/HTTP_<error>.html.var response to the
# by-error collections of multi-language messages, and includes
# substitute the appropriate text.
#
# To change how the messages look without touching the default
# HTTP_<error>.html.var files, add the line:
#
#   Alias /error/include/ "/your/include/path/"
#
# and build your own set of files by copying the /var/www/error/include/
# files to /your/include/path/, even on a per-VirtualHost basis.
#

Alias /error/ "{{ doc_base }}/error/"

<IfModule mod_negotiation.c>
    <IfModule mod_include.c>
        # Server-side includes are processed for .html files in this
        # directory; IncludesNoExec is the Includes variant that leaves
        # command execution disabled.
        <Directory "{{ doc_base }}/error">
            AllowOverride None
            Options IncludesNoExec
            AddOutputFilter Includes html
            AddHandler type-map var
            Require all granted
            LanguagePriority en es de fr
            ForceLanguagePriority Prefer Fallback
        </Directory>

        # The per-status mappings are all commented out, so the server's
        # built-in error pages are used unless a line is re-enabled.
#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

    </IfModule>
</IfModule>
#
# Adjust normal HTTP response behavior to work around known problems in
# browser implementations. The match is made on the User-Agent string the
# client sends.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# Disable redirects on non-GET requests for a directory that lacks the
# trailing slash. Microsoft WebFolders does not handle redirects for
# folders with DAV methods appropriately; the same holds for Apple's DAV
# filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully