source: main/adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis001/apache_httpd_reverse_proxy/httpd.conf @ 24586

Last change on this file since 24586 was 24586, checked in by Paul Leo, 8 months ago

Adding apache httpd reverse proxy config files, including Let's Encrypt configuration
Currently using Let's Encrypt staging, not production, one day renewal for testing
Only using port 443 for cert renewal for now.
nmtracking is password protected

1#
2# This is the main Apache HTTP server configuration file.  It contains the
3# configuration directives that give the server its instructions.
4# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
5# In particular, see
6# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
7# for a discussion of each configuration directive.
8#
9# Do NOT simply read the instructions in here without understanding
10# what they do.  They're here only as hints or reminders.  If you are unsure
11# consult the online docs. You have been warned. 
12#
13# Configuration and logfile names: If the filenames you specify for many
14# of the server's control files begin with "/" (or "drive:/" for Win32), the
15# server will use that explicit path.  If the filenames do *not* begin
16# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
17# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
18# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
19# will be interpreted as '/logs/access_log'.
20#
21# NOTE: Where filenames are specified, you must use forward slashes
22# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
23# If a drive letter is omitted, the drive on which httpd.exe is located
24# will be used by default.  It is recommended that you always supply
25# an explicit drive letter in absolute paths to avoid confusion.
26
27#
28# ServerRoot: The top of the directory tree under which the server's
29# configuration, error, and log files are kept.
30#
31# Do not add a slash at the end of the directory path.  If you point
32# ServerRoot at a non-local disk, be sure to specify a local disk on the
33# Mutex directive, if file-based mutexes are used.  If you wish to share the
34# same ServerRoot for multiple httpd daemons, you will need to change at
35# least PidFile.
36#
# SRVROOT is the install directory; every relative path in this file (logs/, conf/,
# bin/, modules/) resolves under it through ServerRoot.
# NOTE(review): the path pins the 2.4.52 release directory. Later 2.4.x releases
# carry security fixes, so confirm the running binary is current and update this
# Define when the server is upgraded.
37Define SRVROOT "c:/Apache-2.4.52"
38
39ServerRoot "${SRVROOT}"
40
41#
42# Mutex: Allows you to set the mutex mechanism and mutex file directory
43# for individual mutexes, or change the global defaults
44#
45# Uncomment and change the directory if mutexes are file-based and the default
46# mutex file directory is not on a local disk or is not appropriate for some
47# other reason.
48#
49# Mutex default:logs
50
51#
52# Listen: Allows you to bind Apache to specific IP addresses and/or
53# ports, instead of the default. See also the <VirtualHost>
54# directive.
55#
56# Change this to Listen on specific IP addresses as shown below to
57# prevent Apache from glomming onto all bound IP addresses.
58#
59##### Settings in httpd-vhosts.conf
60#Listen 12.34.56.78:80
61######## Listen 443 is already set in extra/httpd-ssl ######
62##### If Let's Encrypt will not use port 443, uncomment next line
# NOTE(review): the line below is active although the comment above describes it as
# optional, and MDCAChallenges (set later in this file) allows only tls-alpn-01,
# which is answered on 443. Port 80 is presumably kept open for the MDRequireHttps
# redirect; if so, confirm every port-80 virtual host only redirects and that
# nothing is served or proxied over plain HTTP.
63Listen 80
64
65#
66# Dynamic Shared Object (DSO) Support
67#
68# To be able to use the functionality of a module which was built as a DSO you
69# have to place corresponding `LoadModule' lines at this location so the
70# directives contained in it are actually available _before_ they are used.
71# Statically compiled modules (those listed by `httpd -l') do not need
72# to be loaded here.
73#
74# Example:
75# LoadModule foo_module modules/mod_foo.so
76#
# Active module set. Proxying uses mod_proxy + mod_proxy_http only (proxy_connect
# is not loaded), TLS uses mod_ssl with the shmcb session cache, certificates are
# managed by mod_md (which needs mod_watchdog), and password protection uses
# auth_basic + authn_file.
# NOTE(review): loaded but not obviously needed by a reverse proxy: actions, asis,
# autoindex, cgi, include, negotiation. Each stays inert only while no directive
# enables it (Options None is set on htdocs and cgi-bin later in this file);
# unloading what the virtual hosts do not use removes that dependency on
# configuration. Verify against conf/extra/httpd-vhosts.conf before removing any.
77#LoadModule access_compat_module modules/mod_access_compat.so
78LoadModule actions_module modules/mod_actions.so
79LoadModule alias_module modules/mod_alias.so
80LoadModule allowmethods_module modules/mod_allowmethods.so
81LoadModule asis_module modules/mod_asis.so
82LoadModule auth_basic_module modules/mod_auth_basic.so
83#LoadModule auth_digest_module modules/mod_auth_digest.so
84#LoadModule auth_form_module modules/mod_auth_form.so
85#LoadModule authn_anon_module modules/mod_authn_anon.so
86LoadModule authn_core_module modules/mod_authn_core.so
87#LoadModule authn_dbd_module modules/mod_authn_dbd.so
88#LoadModule authn_dbm_module modules/mod_authn_dbm.so
89LoadModule authn_file_module modules/mod_authn_file.so
90#LoadModule authn_socache_module modules/mod_authn_socache.so
91#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
92#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
93LoadModule authz_core_module modules/mod_authz_core.so
94#LoadModule authz_dbd_module modules/mod_authz_dbd.so
95#LoadModule authz_dbm_module modules/mod_authz_dbm.so
96LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
97LoadModule authz_host_module modules/mod_authz_host.so
98#LoadModule authz_owner_module modules/mod_authz_owner.so
99LoadModule authz_user_module modules/mod_authz_user.so
100LoadModule autoindex_module modules/mod_autoindex.so
101#LoadModule brotli_module modules/mod_brotli.so
102#LoadModule buffer_module modules/mod_buffer.so
103#LoadModule cache_module modules/mod_cache.so
104#LoadModule cache_disk_module modules/mod_cache_disk.so
105#LoadModule cache_socache_module modules/mod_cache_socache.so
106#LoadModule cern_meta_module modules/mod_cern_meta.so
# NOTE(review): mod_cgi together with the ScriptAlias later in this file makes the
# cgi-bin directory executable on request; unload it if the proxy runs no CGI.
107LoadModule cgi_module modules/mod_cgi.so
108#LoadModule charset_lite_module modules/mod_charset_lite.so
109#LoadModule data_module modules/mod_data.so
110#LoadModule dav_module modules/mod_dav.so
111#LoadModule dav_fs_module modules/mod_dav_fs.so
112#LoadModule dav_lock_module modules/mod_dav_lock.so
113#LoadModule dbd_module modules/mod_dbd.so
114#LoadModule deflate_module modules/mod_deflate.so
115LoadModule dir_module modules/mod_dir.so
116#LoadModule dumpio_module modules/mod_dumpio.so
117LoadModule env_module modules/mod_env.so
118#LoadModule expires_module modules/mod_expires.so
119#LoadModule ext_filter_module modules/mod_ext_filter.so
120#LoadModule file_cache_module modules/mod_file_cache.so
121#LoadModule filter_module modules/mod_filter.so
122#LoadModule http2_module modules/mod_http2.so
123LoadModule headers_module modules/mod_headers.so
124#LoadModule heartbeat_module modules/mod_heartbeat.so
125#LoadModule heartmonitor_module modules/mod_heartmonitor.so
126#LoadModule ident_module modules/mod_ident.so
127#LoadModule imagemap_module modules/mod_imagemap.so
128LoadModule include_module modules/mod_include.so
129#LoadModule info_module modules/mod_info.so
130#LoadModule isapi_module modules/mod_isapi.so
131#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
132#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
133#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
134#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
135#LoadModule ldap_module modules/mod_ldap.so
136#LoadModule logio_module modules/mod_logio.so
137LoadModule log_config_module modules/mod_log_config.so
138#LoadModule log_debug_module modules/mod_log_debug.so
139#LoadModule log_forensic_module modules/mod_log_forensic.so
140#LoadModule lua_module modules/mod_lua.so
141#LoadModule macro_module modules/mod_macro.so
142LoadModule md_module modules/mod_md.so
143LoadModule mime_module modules/mod_mime.so
144#LoadModule mime_magic_module modules/mod_mime_magic.so
145LoadModule negotiation_module modules/mod_negotiation.so
146LoadModule proxy_module modules/mod_proxy.so
147#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
148#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
149#LoadModule proxy_connect_module modules/mod_proxy_connect.so
150#LoadModule proxy_express_module modules/mod_proxy_express.so
151#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
152#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
153#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
154#LoadModule proxy_html_module modules/mod_proxy_html.so
155LoadModule proxy_http_module modules/mod_proxy_http.so
156#LoadModule proxy_http2_module modules/mod_proxy_http2.so
157#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
158#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
159#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
160#LoadModule ratelimit_module modules/mod_ratelimit.so
161#LoadModule reflector_module modules/mod_reflector.so
162#LoadModule remoteip_module modules/mod_remoteip.so
163#LoadModule request_module modules/mod_request.so
# NOTE(review): mod_reqtimeout is not loaded here, so no RequestReadTimeout limits
# apply to slow header/body reads unless an included file loads it.
164#LoadModule reqtimeout_module modules/mod_reqtimeout.so
165#LoadModule rewrite_module modules/mod_rewrite.so
166#LoadModule sed_module modules/mod_sed.so
167#LoadModule session_module modules/mod_session.so
168#LoadModule session_cookie_module modules/mod_session_cookie.so
169#LoadModule session_crypto_module modules/mod_session_crypto.so
170#LoadModule session_dbd_module modules/mod_session_dbd.so
171LoadModule setenvif_module modules/mod_setenvif.so
172#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
173#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
174#LoadModule socache_dbm_module modules/mod_socache_dbm.so
175#LoadModule socache_memcache_module modules/mod_socache_memcache.so
176#LoadModule socache_redis_module modules/mod_socache_redis.so
177LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
178#LoadModule speling_module modules/mod_speling.so
179LoadModule ssl_module modules/mod_ssl.so
180LoadModule status_module modules/mod_status.so
181#LoadModule substitute_module modules/mod_substitute.so
182#LoadModule unique_id_module modules/mod_unique_id.so
183#LoadModule userdir_module modules/mod_userdir.so
184#LoadModule usertrack_module modules/mod_usertrack.so
185#LoadModule version_module modules/mod_version.so
186#LoadModule vhost_alias_module modules/mod_vhost_alias.so
187LoadModule watchdog_module modules/mod_watchdog.so
188#LoadModule xml2enc_module modules/mod_xml2enc.so
189
# User/Group apply only where mod_unixd exists. This server uses Windows paths
# (c:/..., rotatelogs.exe), where that module is not available, so the container
# is skipped and these two directives have no effect.
# NOTE(review): on Windows the process identity comes from the service account;
# confirm the service runs under a dedicated low-privilege account, not LocalSystem.
190<IfModule unixd_module>
191#
192# If you wish httpd to run as a different user or group, you must run
193# httpd as root initially and it will switch. 
194#
195# User/Group: The name (or #number) of the user/group to run httpd as.
196# It is usually good practice to create a dedicated user and group for
197# running httpd, as with most system services.
198#
199User daemon
200Group daemon
201
202</IfModule>
203
204# 'Main' server configuration
205#
206# The directives in this section set up the values used by the 'main'
207# server, which responds to any requests that aren't handled by a
208# <VirtualHost> definition.  These values also provide defaults for
209# any <VirtualHost> containers you may define later in the file.
210#
211# All of these directives may appear inside <VirtualHost> containers,
212# in which case these default settings will be overridden for the
213# virtual host being defined.
214#
215
216#
217# ServerAdmin: Your address, where problems with the server should be
218# e-mailed.  This address appears on some server-generated pages, such
219# as error documents.  e.g. admin@your-domain.com
220#
# NOTE(review): a personal mailbox here can appear on server-generated pages, and
# mod_md falls back to ServerAdmin as the ACME account contact when MDContactEmail
# is not set (it is not set in this file). Prefer a monitored role address so
# certificate expiry notices do not depend on one person.
221ServerAdmin paul.leo@stgconsulting.com
222
223#
224# ServerName gives the name and port that the server uses to identify itself.
225# This can often be determined automatically, but we recommend you specify
226# it explicitly to prevent problems during startup.
227#
228# If your host doesn't have a registered DNS name, enter its IP address here.
229#
230#ServerName www.example.com:80
231### Next Line may need to be changed ###
232###### ServerName 10.100.2.15:443
# Name the main server uses for itself when no <VirtualHost> matches the request.
# NOTE(review): this differs from the host directory the file is stored under
# (dmzr2nmibis001) - confirm which name is intended. An internal host name used
# here can surface in server-generated redirects and error pages.
233ServerName DMZRISIMIBS001
234#
235# Deny access to the entirety of your server's filesystem. You must
236# explicitly permit access to web content directories in other
237# <Directory> blocks below.
238#
# Default-deny baseline: no filesystem path is served unless a later <Directory>
# block grants it, and .htaccess overrides are disabled from the root down.
239<Directory />
240    AllowOverride none
241    Require all denied
242</Directory>
243
244#
245# Note that from this point forward you must specifically allow
246# particular features to be enabled - so if something's not working as
247# you might expect, make sure that you have specifically enabled it
248# below.
249#
250
251#
252# DocumentRoot: The directory out of which you will serve your
253# documents. By default, all requests are taken from this directory, but
254# symbolic links and aliases may be used to point to other locations.
255#
# Document tree of the main server, used for requests that no <VirtualHost> or
# proxy rule claims. Options None switches off listings, SSI, CGI and symlink
# following here; AllowOverride None means .htaccess files in this tree are ignored.
# NOTE(review): "Require all granted" makes everything under htdocs readable by any
# client, so confirm the directory holds only content meant to be public.
256DocumentRoot "${SRVROOT}/htdocs"
257<Directory "${SRVROOT}/htdocs">
258    #
259    # Possible values for the Options directive are "None", "All",
260    # or any combination of:
261    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
262    #
263    # Note that "MultiViews" must be named *explicitly* --- "Options All"
264    # doesn't give it to you.
265    #
266    # The Options directive is both complicated and important.  Please see
267    # http://httpd.apache.org/docs/2.4/mod/core.html#options
268    # for more information.
269    #
270    #Options Indexes FollowSymLinks
271        Options None
272
273    #
274    # AllowOverride controls what directives may be placed in .htaccess files.
275    # It can be "All", "None", or any combination of the keywords:
276    #   AllowOverride FileInfo AuthConfig Limit
277    #
278    AllowOverride None
279
280    #
281    # Controls who can get stuff from this server.
282    #
283    Require all granted
284</Directory>
285
286#
287# DirectoryIndex: sets the file that Apache will serve if a directory
288# is requested.
289#
# Serve index.html when a directory URL is requested. With Options None on htdocs,
# a directory without that file is not listed.
290<IfModule dir_module>
291    DirectoryIndex index.html
292</IfModule>
293
294#
295# The following lines prevent .htaccess and .htpasswd files from being
296# viewed by Web clients.
297#
# Refuse client access to any file whose name starts with ".ht" (.htaccess, .htpasswd).
# NOTE(review): this covers that naming pattern only. mod_authn_file is loaded for the
# password-protected site, so keep its password file outside every served directory
# regardless of what it is called.
298<Files ".ht*">
299    Require all denied
300</Files>
301
302#
303# ErrorLog: The location of the error log file.
304# If you do not specify an ErrorLog directive within a <VirtualHost>
305# container, error messages relating to that virtual host will be
306# logged here.  If you *do* define an error logfile for a <VirtualHost>
307# container, that host's errors will be logged there and not here.
308#
309#ErrorLog "logs/error.log"
310
311# For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
312# am using rotate every day and keep 7 days, could keep more.
313# you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
314### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
315# -v is verbose output for debugging, BUT...
316# try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
317# note daily is 86400, testing is 60 (every minute)
318# Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
319# ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
320# Next line is for production, rotate every day, keep 14 logs
# Error log piped through rotatelogs: -l rotates on local time, -n 14 keeps 14
# numbered files, 86400 rotates once a day, -v sends rotatelogs' own messages to stderr.
# NOTE(review): 14 daily files is the only retention configured here; forward or
# archive the logs if incident response needs a longer history.
321ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/error.log 86400"
322#
323# LogLevel: Control the number of messages logged to the error_log.
324# Possible values include: debug, info, notice, warn, error, crit,
325# alert, emerg.
326#
327###### Next line is default ######
328####### LogLevel warn
329###### Turning LogLevel Up to debug MOD_MD ########
330######LogLevel info md:trace2 ssl:trace2 proxy:trace2
331############LogLevel debug md:trace2 ssl:trace2 proxy:trace5
332####LogLevel warn proxy:trace5
333#####LogLevel warn proxy:debug
# NOTE(review): diagnostic setting - debug for everything plus trace5 for mod_md,
# mod_ssl and mod_proxy. Review what these modules write at trace5 before leaving
# it on for a host that carries Basic-auth and proxied application traffic, and
# watch disk use: the volume is far above the default. Return to "LogLevel warn"
# (the default noted above) once certificate issuance has been confirmed.
334LogLevel debug md:trace5 ssl:trace5 proxy:trace5
335
336
# Access logging. "combined" adds Referer and User-Agent to the common format, and
# %u is the authenticated user, so logins to password-protected locations are
# attributable in this log. combinedio is defined only when mod_logio is loaded;
# its LoadModule line is commented out in this file.
337<IfModule log_config_module>
338    #
339    # The following directives define some format nicknames for use with
340    # a CustomLog directive (see below).
341    #
342    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
343    LogFormat "%h %l %u %t \"%r\" %>s %b" common
344
345    <IfModule logio_module>
346      # You need to enable mod_logio.c to use %I and %O
347      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
348    </IfModule>
349
350    #
351    # The location and format of the access logfile (Common Logfile Format).
352    # If you do not define any access logfiles within a <VirtualHost>
353    # container, they will be logged here.  Contrariwise, if you *do*
354    # define per-<VirtualHost> access logfiles, transactions will be
355    # logged therein and *not* in this file.
356    #
357    #CustomLog "logs/access.log" common
358
359    #
360    # If you prefer a logfile with access, agent, and referer information
361    # (Combined Logfile Format) you can use the following directive.
362    #
363     #CustomLog "logs/access.log" combined
364
365        # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
366        # This is the error and usage output from failing config using -c, note: there is no -c even though link above shows it, but that must be for linux/unix version_module
367
368        ###AH00106: piped log program 'bin/rotatelogs.exe -l -f -v -c -n 14 logs/access.log 86400' failed unexpectedly
369        ###rotatelogs.exe: illegal option -- c
370        ###Usage: C:\Apache-2.4.51\bin\rotatelogs.exe [-v] [-l] [-L linkname] [-p prog] [-f] [-D] [-t] [-e] [-n number] <logfile> {<rotation time in seconds>|<rotation size>(B|K|M|G)} [offset minutes from UTC]
371        ###
372        ###Add this:
373        ###
374        ###TransferLog "|C:\Apache-2.4.51\bin\rotatelogs.exe /some/where 86400"
375        ###
376        ###or
377        ###
378        ###TransferLog "|C:\Apache-2.4.51\bin\rotatelogs.exe /some/where 5M"
379        ###
380        ###to httpd.conf. By default, the generated name will be
381        ###<logfile>.nnnn where nnnn is the system time at which the log
382        ###nominally starts (N.B. if using a rotation time, the time will
383        ###always be a multiple of the rotation time, so you can synchronize
384        ###cron scripts with it). If <logfile> contains strftime conversion
385        ###specifications, those will be used instead. At the end of each
386        ###rotation time or when the file size is reached a new log is
387        ###started.
388        ###
389        ###Options:
390        ###  -v       Verbose operation. Messages are written to stderr.
391        ###  -l       Base rotation on local time instead of UTC.
392        ###  -L path  Create hard link from current log to specified path.
393        ###  -p prog  Run specified program after opening a new log file. See below.
394        ###  -f       Force opening of log on program start.
395        ###  -D       Create parent directories of log file.
396        ###  -t       Truncate logfile instead of rotating, tail friendly.
397        ###  -e       Echo log to stdout for further processing.
398        ###  -n num   Rotate file by adding suffixes '.1', '.2', ..., '.num'.
399        ###
400        ###The program for '-p' is invoked as "[prog] <curfile> [<prevfile>]"
401        ###where <curfile> is the filename of the newly opened logfile, and
402        ###<prevfile>, if given, is the filename of the previously used logfile.
403       
404        # am using rotate every day and keep 7 days, could keep more.
405        # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
406        # -c not permitted in windows, may be other options also not permitted
407        # -v is verbose output for debugging
408
409        # Next line is for testing log rotation every 20 seconds, keep 7 logs, verbose output
410        #CustomLog "|bin/rotatelogs.exe -l -f -v -n 7 logs/access_log 20" combined
411        # Next line is for production, rotate logs daily, keep 14 logs
        # NOTE(review): with -n 14 and daily rotation the proxy retains two weeks of
        # access history on the host; ship the log elsewhere if investigations need more.
412        CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/access.log 86400" combined
413       
414</IfModule>
415
# URL-to-filesystem mappings. The only active directive maps /cgi-bin/ to the
# install's cgi-bin directory and marks its contents as scripts to execute.
416<IfModule alias_module>
417    #
418    # Redirect: Allows you to tell clients about documents that used to
419    # exist in your server's namespace, but do not anymore. The client
420    # will make a new request for the document at its new location.
421    # Example:
422    # Redirect permanent /foo http://www.example.com/bar
423
424    #
425    # Alias: Maps web paths into filesystem paths and is used to
426    # access content that does not live under the DocumentRoot.
427    # Example:
428    # Alias /webpath /full/filesystem/path
429    #
430    # If you include a trailing / on /webpath then the server will
431    # require it to be present in the URL.  You will also likely
432    # need to provide a <Directory> section to allow access to
433    # the filesystem path.
434
435    #
436    # ScriptAlias: This controls which directories contain server scripts.
437    # ScriptAliases are essentially the same as Aliases, except that
438    # documents in the target directory are treated as applications and
439    # run by the server when requested rather than as documents sent to the
440    # client.  The same rules about trailing "/" apply to ScriptAlias
441    # directives as to Alias.
442    #
    # NOTE(review): with mod_cgi loaded, every file in this directory runs on request,
    # and the matching <Directory> block grants access to all clients. If the reverse
    # proxy runs no CGI of its own, comment this out and unload mod_cgi; otherwise
    # confirm the directory contains no sample scripts left by the distribution.
443    ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/"
444
445</IfModule>
446
# Applies only when mod_cgid is loaded. This file loads mod_cgi and has no
# LoadModule line for cgid, and the single directive inside is commented out,
# so the container currently does nothing.
447<IfModule cgid_module>
448    #
449    # ScriptSock: On threaded servers, designate the path to the UNIX
450    # socket used to communicate with the CGI daemon of mod_cgid.
451    #
452    #Scriptsock cgisock
453</IfModule>
454
455#
456# "${SRVROOT}/cgi-bin" should be changed to whatever your ScriptAliased
457# CGI directory exists, if you have that configured.
458#
# Access rules for the ScriptAliased CGI directory: no .htaccess overrides, no
# extra Options, open to every client.
# NOTE(review): "Require all granted" here means any client can invoke whatever
# script exists in cgi-bin. If no CGI is needed on this proxy, change this to
# "Require all denied" (or remove the ScriptAlias) and confirm the directory is empty.
459<Directory "${SRVROOT}/cgi-bin">
460    AllowOverride None
461    Options None
462    Require all granted
463</Directory>
464
# Header adjustments. The only active directive strips the client-supplied "Proxy"
# request header before it can reach CGI programs or proxied backends (httpoxy).
465<IfModule headers_module>
466    #
467    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
468    # backend servers which have lingering "httpoxy" defects.
469    # 'Proxy' request header is undefined by the IETF, not listed by IANA
470    #
471    RequestHeader unset Proxy early
    # NOTE(review): both Set-Cookie rewrites below are still commented out, so the
    # Secure/HttpOnly flags on proxied cookies depend entirely on the backends.
    # Either rewrite appends unconditionally, which duplicates a flag the backend
    # already sent. When enabling one, check a real proxied response (including an
    # error response) to confirm the rule matches; "Header always edit" operates on
    # a different header table than plain "Header edit".
472        ####
473        #### set all cookies to be httponly and secure, see:
474        #### https://stackoverflow.com/questions/24129201/add-secure-and-httponly-flags-to-every-set-cookie-response-in-apache-httpd#24246462
475        #### When I view results, w/o the Header line, it is possible cookie parameter HttpOnly has already been set so instead of next line will just set Secure
476        ########### use one of the following lines to force secure when ready ##########
477        #### Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
478        #################Header edit Set-Cookie ^(.*)$ $1;Secure
479</IfModule>
480
# MIME type mapping. Only TypesConfig and the two AddType lines are active; the
# cgi-script handler and the SSI (INCLUDES) output filter stay commented out, so
# neither is enabled by file extension.
481<IfModule mime_module>
482    #
483    # TypesConfig points to the file containing the list of mappings from
484    # filename extension to MIME-type.
485    #
486    TypesConfig conf/mime.types
487
488    #
489    # AddType allows you to add to or override the MIME configuration
490    # file specified in TypesConfig for specific file types.
491    #
492    #AddType application/x-gzip .tgz
493    #
494    # AddEncoding allows you to have certain browsers uncompress
495    # information on the fly. Note: Not all browsers support this.
496    #
497    #AddEncoding x-compress .Z
498    #AddEncoding x-gzip .gz .tgz
499    #
500    # If the AddEncoding directives above are commented-out, then you
501    # probably should define those extensions to indicate media types:
502    #
503    AddType application/x-compress .Z
504    AddType application/x-gzip .gz .tgz
505
506    #
507    # AddHandler allows you to map certain file extensions to "handlers":
508    # actions unrelated to filetype. These can be either built into the server
509    # or added with the Action directive (see below)
510    #
511    # To use CGI scripts outside of ScriptAliased directories:
512    # (You will also need to add "ExecCGI" to the "Options" directive.)
513    #
514    #AddHandler cgi-script .cgi
515
516    # For type maps (negotiated resources):
517    #AddHandler type-map var
518
519    #
520    # Filters allow you to process content before it is sent to the client.
521    #
522    # To parse .shtml files for server-side includes (SSI):
523    # (You will also need to add "Includes" to the "Options" directive.)
524    #
525    #AddType text/html .shtml
526    #AddOutputFilter INCLUDES .shtml
527</IfModule>
528
529#
530# The mod_mime_magic module allows the server to use various hints from the
531# contents of the file itself to determine its type.  The MIMEMagicFile
532# directive tells the module where the hint definitions are located.
533#
534#MIMEMagicFile conf/magic
535
536#
537# Customizable error responses come in three flavors:
538# 1) plain text 2) local redirects 3) external redirects
539#
540# Some examples:
541#ErrorDocument 500 "The server made a boo boo."
542#ErrorDocument 404 /missing.html
543#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
544#ErrorDocument 402 http://www.example.com/subscription_info.html
545#
546
547#
548# MaxRanges: Maximum number of Ranges in a request before
549# returning the entire resource, or one of the special
550# values 'default', 'none' or 'unlimited'.
551# Default setting is to accept 200 Ranges.
552#MaxRanges unlimited
553
554#
555# EnableMMAP and EnableSendfile: On systems that support it,
556# memory-mapping or the sendfile syscall may be used to deliver
557# files.  This usually improves server performance, but must
558# be turned off when serving from networked-mounted
559# filesystems or if support for these functions is otherwise
560# broken on your system.
561# Defaults: EnableMMAP On, EnableSendfile Off
562#
563#EnableMMAP off
564#EnableSendfile on
565
566# Supplemental configuration
567#
568# The configuration files in the conf/extra/ directory can be
569# included to add extra features or to modify the default configuration of
570# the server, or you may simply copy their contents here and change as
571# necessary.
572
573# Server-pool management (MPM specific)
574#Include conf/extra/httpd-mpm.conf
575
576# Multi-language error messages
577#Include conf/extra/httpd-multilang-errordoc.conf
578
579# Fancy directory listings
580#Include conf/extra/httpd-autoindex.conf
581
582# Language settings
583#Include conf/extra/httpd-languages.conf
584
585# User home directories
586#Include conf/extra/httpd-userdir.conf
587
588# Real-time info on requests and configuration
589#Include conf/extra/httpd-info.conf
590
591# Local access to the Apache HTTP Server Manual
592#Include conf/extra/httpd-manual.conf
593
594# Distributed authoring and versioning (WebDAV)
595#Include conf/extra/httpd-dav.conf
596
597# Various default settings
598#Include conf/extra/httpd-default.conf
599
600# Configure mod_proxy_html to understand HTML4/XHTML1
# Skipped in the current configuration: the LoadModule line for proxy_html_module is
# commented out in this file, so proxy-html.conf is not read and backend HTML is
# passed through without link rewriting.
601<IfModule proxy_html_module>
602Include conf/extra/proxy-html.conf
603</IfModule>
604
605##### Secure (SSL/TLS) connections
606##### Next line in file where all Cipher and other global SSL settings are configured #######
# NOTE(review): the TLS policy (SSLProtocol, SSLCipherSuite, Listen 443) lives in the
# included file and is not visible here; review it together with this file.
607Include conf/extra/httpd-ssl.conf
608#
609# Note: The following must be present to support
610#       starting without SSL on platforms with no /dev/random equivalent
611#       but a statically compiled-in mod_ssl.
612#
613<IfModule ssl_module>
614SSLRandomSeed startup builtin
615SSLRandomSeed connect builtin
616</IfModule>
617
618#### The following locations are limited to localhost and Paul's home machine
619#### They give the status of the Let's Encrypt Certs (both server-status and md-status have entries)
620#### Server Status also gives some stats on the httpd server
621
# NOTE(review): both <Location> blocks sit at server scope, so they apply to every
# virtual host and port, including plain HTTP on port 80 unless a vhost redirects
# first. The three "Require ip" lines are alternatives: any one match grants access.
# 96.77.28.246 is a single external address; if it is not a static assignment,
# whoever holds it later inherits access to request URLs, client addresses and
# certificate state. Prefer reaching these pages from localhost over a tunnel or
# VPN, and confirm no ProxyPass rule in httpd-vhosts.conf captures these paths.
622#### Server Status
623####### Could add internal DOH addresses here as well ########
624<Location "/server-status">
625  SetHandler server-status
626        Require ip 127.0.0.1
627        Require ip ::1
628        Require ip 96.77.28.246
629</Location>
630
631##### ACME Protocol (mod_md) status
632####### Could add internal DOH addresses here as well ########
633<Location "/md-status">
634  SetHandler md-status
635        Require ip 127.0.0.1
636        Require ip ::1
637        Require ip 96.77.28.246
638</Location>
639
640### Intruder IO suggest turning off TraceEnable
# With TraceEnable off the core server and mod_proxy answer TRACE requests with
# 405 instead of echoing the request back.
641TraceEnable off
642
643###### SET MOD_MD GLOBAL SETTING BELOW #######
644
645# Virtual hosts
# NOTE(review): the proxy rules, per-host TLS settings and the password protection
# mentioned in the commit message are presumably defined in this included file,
# which is not shown; this file alone does not establish what is exposed.
646Include conf/extra/httpd-vhosts.conf
647
648###
649### mod_md example:
650### Almost any Apache directive may go into a VirtualHost container.
651### The first VirtualHost section is used for all requests that do not
652### match a ServerName or ServerAlias in any <VirtualHost> block.
653###
654
655##### GLOBAL SETTINGS, I think they will work here, if not move into individual Virtual Hosts ####
656#### Let's Encrypt testing/staging  URL
657#### the MDCertificateAuthority line sets the URL to Production OR  testing/staging URL ####
658
# NOTE(review): staging endpoint - certificates issued from it chain to a test root
# that browsers do not trust. Switch to the production URL below before the host
# carries real users, and expect mod_md to request new certificates when it changes.
659MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
660
661####
662#### Let's Encrypt PRODUCTION URL
663#### MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
664
665MDCertificateAgreement accepted
666
667####
668#### The following commands may also be in the specific MDomain element ####
669####
670
# MDRequireHttps temporary: http: requests for managed domains are redirected to
# https: with a temporary status, which suits testing because browsers do not
# cache it the way they cache a permanent redirect.
671MDRequireHttps temporary
672MDStapling on
# NOTE(review): tls-alpn-01 is the only challenge type allowed, and mod_md can answer
# it only if the acme-tls/1 protocol is enabled through a Protocols directive. None
# appears in this file, so confirm an included file sets it; otherwise issuance fails.
673MDCAChallenges tls-alpn-01
674MDPrivateKeys RSA 4096
675
# NOTE(review): MDRenewWindow is the remaining validity below which mod_md renews.
# "1d" therefore means renewal starts only when less than one day is left, which
# leaves almost no margin for a failed attempt. If the intent was to exercise
# renewal often during testing, verify this value does that, and use a wider window
# (the default is a percentage of the lifetime) before going to production.
676<MDomain ibisnew.health.state.nm.us>
677        MDRenewWindow 1d
678</MDomain>
679
680<MDomain nmtracknew.nmtracking.org>
681        MDRenewWindow 1d
682</MDomain>