Apache configuration



21.12.00, 09:54
Hi!

I have installed the apache-ssl package on Debian 2.2.

apt-get install apache-ssl

and https does work, apart from the document root, oh well. The
problem is that I cannot establish an http connection.
I tried it with VirtualHosts, but unfortunately I couldn't
get it to work.

My DocumentRoot would be /var/www.

I need http and https connections on the IP 192.168.1.20.

Maybe you could please help me, unfortunately I didn't manage it.


The freshly installed httpd.conf, cleaned of my own mess,
looks like this:

# This is the main server configuration file. See URL http://www.apache.org/
# for instructions.

# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.

# Originally by Rob McCool

# Shared Object Module Loading:
# To be able to use the functionality of a module which was built
# as a shared object you have to place corresponding `LoadModule'
# lines at this location so the directives contained in it are
# actually available _before_ they are used.
# Example:

# ServerType is either inetd, or standalone.
# SSL Servers MUST be standalone, currently.

ServerType standalone

# If you are running from inetd, go to "ServerAdmin".

# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
# The default port for SSL is 443...

Port 443

# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.

HostnameLookups off

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.

# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.

User www-data
Group www-data

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin webmaster@deamon.bonline.at

# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.

ServerRoot /etc/apache-ssl

# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.

#BindAddress *


# The Debian package of Apache loads every feature as shared modules.
# Please keep this LoadModule: line here, it is needed for installation.
# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# LoadModule env_module /usr/lib/apache/1.3/mod_env.so
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
# LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
# LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
# LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
# LoadModule info_module /usr/lib/apache/1.3/mod_info.so
# LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
# LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
# LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
# LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
# LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so
# LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so
# LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
# LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so
# LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
# LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
# LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
# LoadModule anon_auth_module /usr/lib/apache/1.3/mod_auth_anon.so
# LoadModule dbm_auth_module /usr/lib/apache/1.3/mod_auth_dbm.so
# LoadModule db_auth_module /usr/lib/apache/1.3/mod_auth_db.so
# LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
# LoadModule digest_module /usr/lib/apache/1.3/mod_digest.so
# LoadModule cern_meta_module /usr/lib/apache/1.3/mod_cern_meta.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
# LoadModule headers_module /usr/lib/apache/1.3/mod_headers.so
# LoadModule usertrack_module /usr/lib/apache/1.3/mod_usertrack.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
# LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
# LoadModule sys_auth_module /usr/lib/apache/1.3/mod_auth_sys.so
# LoadModule put_module /usr/lib/apache/1.3/mod_put.so
# LoadModule throttle_module /usr/lib/apache/1.3/mod_throttle.so
AddModule apache_ssl.c
# LoadModule allowdev_module /usr/lib/apache/1.3/mod_allowdev.so
# LoadModule auth_mysql_module /usr/lib/apache/1.3/mod_auth_mysql.so
# LoadModule pgsql_auth_module /usr/lib/apache/1.3/mod_auth_pgsql.so
# LoadModule eaccess_module /usr/lib/apache/1.3/mod_eaccess.so
# LoadModule roaming_module /usr/lib/apache/1.3/mod_roaming.so

ExtendedStatus on

# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.

ErrorLog /var/log/apache-ssl/error.log

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.

LogLevel warn

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.

CustomLog /var/log/apache-ssl/access.log common

# If you would like to have an agent and referer logfile uncomment the
# following directives.

#CustomLog /var/log/apache/referer.log referer
#CustomLog /var/log/apache/agent.log agent

# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.

#CustomLog /var/log/apache/access.log combined

# PidFile: The file the server should log its pid to
PidFile /var/run/apache-ssl.pid

# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
# ScoreBoardFile logs/apache_runtime_status

# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
LockFile /var/run/apache.lock

# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.

#ServerName new.host.name

# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName on

# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.

#CacheNegotiatedDocs

# Timeout: The number of seconds before receives and sends time out

Timeout 300

# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request

KeepAliveTimeout 15

# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).

# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---

MinSpareServers 5
MaxSpareServers 10

# Number of servers to start --- should be a reasonable ballpark figure.

StartServers 5

# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...

MaxClients 150

# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.

MaxRequestsPerChild 30


# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the VirtualHost command

#Listen 3000
#Listen 12.34.56.78:80

# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.

# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.

#<VirtualHost host.some_domain.com>
#ServerAdmin webmaster@host.some_domain.com
#DocumentRoot /var/www/host.some_domain.com
#ServerName host.some_domain.com
#ErrorLog /var/log/apache/host.some_domain.com-error.log
#TransferLog /var/log/apache/host.some_domain.com-access.log
#</VirtualHost>


# ----------------------------SSL----------------------------------
# This is an example configuration file for Apache-SSL.
# Copyright (C) 1995,6,7 Ben Laurie

# By popular demand, this file now illustrates the way to create two websites,
# one secured (on port 8887), the other not (on port 8888).

# You may need one of these
#User webuser
#User ben
#Group group

# SSL Servers MUST be standalone, currently.
#ServerType standalone

# The default port for SSL is 443...
#Port 8887
#Listen ServerPort
Listen 443

# My test document root
#DocumentRoot /u/ben/www/1/docs
#DocumentRoot /u/ben/apache/apache_1.3.0-ssl/htdocs

#<Directory /u/ben/apache/apache_1.3.0-ssl/htdocs/manual>
# This directive forbids access except when SSL is in use. Very handy for
# defending against configuration errors that expose stuff that should be
# protected
#SSLRequireSSL
#</Directory>

# Watch what's going on
#TransferLog /var/log/apache-ssl/transfer.log

# Note that all SSL options can apply to virtual hosts.

# Disable SSL. Useful in combination with virtual hosts. Note that SSLEnable is
# now also supported.
SSLEnable

# Set the path for the global cache server executable.
# If this facility gives you trouble, you can disable it by setting
# CACHE_SESSIONS to FALSE in apache_ssl.c
SSLCacheServerPath /usr/lib/apache-ssl/gcache

# Set the global cache server port number, or path. If it is a path, a Unix
# domain socket is used. If a number, a TCP socket.
SSLCacheServerPort /var/run/gcache_port
#SSLCacheServerPort 1234

# Set the session cache timeout, in seconds (set to 15 for testing, use a
# higher value in real life)
SSLSessionCacheTimeout 15

# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv("SSL_CERT_DIR"), I think).
#SSLCACertificatePath /u/ben/apache/apache_1.2.5-ssl/SSLconf/conf
SSLCACertificatePath /etc/apache-ssl

# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv("SSL_CERT_FILE"), I think).
#SSLCACertificateFile /some/where/somefile
#SSLCACertificateFile /u/ben/apache/apache_1.2.5-ssl/SSLconf/conf/httpsd.pem

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
SSLCertificateFile /etc/apache-ssl/apache.pem
#SSLCertificateFile /u/ben/apache/apache_1.2.6-ssl/SSLconf/conf/t1.pem


# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "<default>/private/<keyfile>".
#SSLCertificateKeyFile /some/place/with/your.key

# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
# have a valid CA
SSLVerifyClient 0
# How deeply to verify before deciding they don't have a valid certificate
SSLVerifyDepth 10

# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user name
# is the "one line" version of the client's X509 certificate. Note that no
# password is obtained from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
SSLFakeBasicAuth

# List the ciphers that the client is permitted to negotiate. See the source
# for a definitive list. For example:
#SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA

# These two can be used per-directory to require or ban ciphers. Note that (at
# least in the current version) Apache-SSL will not attempt to renegotiate if a
# cipher is banned (or not required).
#SSLRequireCipher
#SSLBanCipher

# A home for miscellaneous rubbish generated by SSL. Much of it is duplicated
# in the error log file. Put this somewhere where it cannot be used for symlink
# attacks on a real server (i.e. somewhere where only root can write).
#SSLLogFile /var/log/ssl.log

# Custom logging
CustomLog /var/log/apache-ssl/ssl.log "%t %{version}c %{cipher}c %{clientcert}c"

#<VirtualHost scuzzy:8888>
#SSLDisable
#SSLEnable
#</VirtualHost>

# If you want, you can disable SSL globally, and enable it in a virtual host...
#<VirtualHost scuzzy:8887>
#SSLEnable
# and the rest of the SSL stuff...
#</VirtualHost>

# Experiment with authorization...
#<Directory /u/ben/www/1/docs>
#AuthType Basic
#AuthName Experimental
#AuthGroupFile /dev/null
#AuthUserFile /u/ben/www/1/users
#<Limit PUT GET>
#allow from all
#require valid-user
#</Limit>
#</Directory>

#ScriptAlias /scripts /u/ben/www/scripts

#<VirtualHost ServerName:443>
#SSLEnable
#</VirtualHost>

THX in advance
Bernhard

21.12.00, 14:50
Hello Bernhard,

am I blind today, or where did you define your hosts?

SSL, however, does not run as a virtual host. It needs its own IP number.

Regards,

Black_

21.12.00, 14:58
and this httpd.conf was created from the sources (compiled)???

It looks more as if it was shipped in a package with Debian.

The best thing is to download the original sources from the net and build the thing yourself.



[This post was edited by TommeS73 on 21 December 2000.]

21.12.00, 15:07
I did write that it is the original httpd.conf from the package.

apt-get install apache-ssl

THX anyway
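
The comments in the posted httpd.conf describe running one secured and one unsecured site side by side; the fragment below applies that layout to the address and document root from the question. It is an added example, not part of any post in this thread. It uses only directives that appear in the posted file, assumes the global SSL settings stay as posted, and /var/www/private is a hypothetical path.

```apache
# Added example, not from the thread. Assumes Apache-SSL on Apache 1.3 with
# the global SSL settings (SSLCertificateFile, SSLCacheServerPath, ...) left
# exactly as in the posted httpd.conf.

# Bind both ports explicitly. The posted file only has "Port 443" and
# "Listen 443", so nothing is listening on port 80. These two lines replace
# the existing "Listen 443" line.
Listen 192.168.1.20:80
Listen 192.168.1.20:443

# Plain HTTP site. SSL is switched off explicitly here so that the global
# SSLEnable does not apply to connections on port 80.
<VirtualHost 192.168.1.20:80>
DocumentRoot /var/www
SSLDisable
</VirtualHost>

# HTTPS site on the same address, serving the same document root.
<VirtualHost 192.168.1.20:443>
DocumentRoot /var/www
SSLEnable
</VirtualHost>

# /var/www/private is a hypothetical path. Both virtual hosts share one
# DocumentRoot, so anything meant for https only would also be reachable
# over port 80. SSLRequireSSL forbids access to this directory unless SSL
# is in use, which covers exactly that kind of configuration error.
<Directory /var/www/private>
SSLRequireSSL
</Directory>
```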