httpd.conf

# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   https://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:https://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:https://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
#         Do not change manually, it will be overwritten on upgrade.
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
<IfDefine AUTH_DIGEST>
LoadModule auth_digest_module modules/mod_auth_digest.so
</IfDefine>
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfDefine PROXY>
LoadModule proxy_module modules/mod_proxy.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_connect_module modules/mod_proxy_connect.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfDefine>
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>
<IfDefine SUEXEC>
LoadModule suexec_module modules/mod_suexec.so
</IfDefine>
LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User backuppc
Group backuppc

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
# flag to use.

Include /etc/apache2/modules.d/*.conf

# Unique lock file 
LockFile /var/lock/apache-backuppc.lock

# Very important for init script
# Unique process ID file
PidFile /var/run/apache-backuppc.pid

# Unique scoreboard file
ScoreBoardFile /var/run/apache-backuppc.scoreboard

# Common document root 
<IfDefine BACKUPPC_VHOST>


# Common document root 
DocumentRoot HTDOCSDIR
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
	ServerName backuppc

	# Redirect requests to "/" to the CGI script
	RedirectMatch "^/$" /BackupPC_Admin

	<IfDefine SSL>
		<IfModule ssl_module>
			RewriteEngine On
			RewriteCond %{HTTPS} !=on
			RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

			## SSL Engine Switch:
			# Enable/Disable SSL for this virtual host.
			SSLEngine on
			SSLOptions +StrictRequire

			## SSL Cipher Suite:
			# List the ciphers that the client is permitted to negotiate.
			# See the mod_ssl documentation for a complete list.
			SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

			## Server Certificate:
			# Point SSLCertificateFile at a PEM encoded certificate. If the certificate
			# is encrypted, then you will be prompted for a pass phrase. Note that a 
			# kill -HUP will prompt again. Keep in mind that if you have both an RSA
			# and a DSA certificate you can configure both in parallel (to also allow
			# the use of DSA ciphers, etc.)
			SSLCertificateFile /etc/ssl/apache2/server.crt

			## Server Private Key:
			# If the key is not combined with the certificate, use this directive to
			# point at the key file. Keep in mind that if you've both a RSA and a DSA
			# private key you can configure both in parallel (to also allow the use of
			# DSA ciphers, etc.)
			SSLCertificateKeyFile /etc/ssl/apache2/server.key
			<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
			</FilesMatch>

			## ssl-accurate-shutdown:
			# This forces an accurate shutdown when the connection is closed, i.e. a
			# SSL close notify alert is send and mod_ssl waits for the close notify
			# alert of the client. This is 100% SSL/TLS standard compliant, but in
			# practice often causes hanging connections with brain-dead browsers. Use
			# this only for browsers where you know that their SSL implementation works
			# correctly. 
			# Notice: Most problems of broken clients are also related to the HTTP 
			# keep-alive facility, so you usually additionally want to disable 
			# keep-alive for those clients, too. Use variable "nokeepalive" for this.
			# Similarly, one has to force some clients to use HTTP/1.0 to workaround
			# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
			# "force-response-1.0" for this.
			<IfModule setenvif_module>
				BrowserMatch ".*MSIE.*" \
					nokeepalive ssl-unclean-shutdown \
						downgrade-1.0 force-response-1.0
			</IfModule>

			## Per-Server Logging:
			# The home of a custom SSL log file. Use this when you want a compact 
			# non-error SSL logfile on a virtual host basis.
			<IfModule log_config_module>
				CustomLog /var/log/apache2/ssl_request_log \
				 	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
			</IfModule>
		</IfModule>
	</IfDefine>

<Directory "HTDOCSDIR">
	# Possible values for the Options directive are "None", "All",
	# or any combination of:
	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
	#
	# Note that "MultiViews" must be named *explicitly* --- "Options All"
	# doesn't give it to you.
	#
	# The Options directive is both complicated and important.  Please see
	# https://httpd.apache.org/docs/2.2/mod/core.html#options
	# for more information.
	Options Indexes FollowSymLinks

	# AllowOverride controls what directives may be placed in .htaccess files.
	# It can be "All", "None", or any combination of the keywords:
	#   Options FileInfo AuthConfig Limit
	AllowOverride None

	<IfDefine SSL>
	<IfModule ssl_module>
		SSLOptions +StdEnvVars
	</IfModule>
	</IfDefine>

	SetHandler perl-script
	PerlResponseHandler ModPerl::Registry
	PerlOptions +ParseHeaders
	Options +ExecCGI

	Order allow,deny
	Allow from all

	AuthName "Backup Admin"
	AuthType Basic
	AuthUserFile AUTHFILE
	Require valid-user
</Directory>

<Directory "HTDOCSDIR/image">
	SetHandler None
	Options Indexes FollowSymLinks
	Order allow,deny
	Allow from all
</Directory>


	<IfModule mpm_peruser_module>
		ServerEnvironment backuppc backuppc
	</IfModule>
</VirtualHost>
</IfDefine>


# vim: ts=4 filetype=apache