--- templates/httpd.conf.template.orig 2005-08-17 07:31:16.000000000 -0400
+++ templates/httpd.conf.template 2005-08-17 07:32:21.000000000 -0400
@@ -1,7 +1,7 @@
KOLAB_META_START
-TARGET=@l_prefix@/etc/apache/apache.conf
+TARGET=/etc/httpd/modules.d/41_mod_ssl.default-vhost.conf
PERMISSIONS=0640
-OWNERSHIP=@l_musr@:@l_ngrp@
+OWNERSHIP=root:root
KOLAB_META_END
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
@@ -12,197 +12,59 @@
# this file is automatically written by the Kolab config backend
# manual additions are lost unless made to the template in the Kolab config directory
-### Section 1: Global Environment
-ServerRoot "@l_prefix@"
+# until this ldap module can deal gracefuly with connections
+# that were dropped by the ldap server (either because it was
+# restarted or because idletimeout was hit)
+LDAP_Persistent_G off
-# do not require SSL as default for now
-SSLVerifyClient none
-#SSLCACertificateFile @l_prefix@/etc/kolab/server.pem
-SSLSessionCache dbm:@l_prefix@/var/apache/log/ssl_scache
-SSLSessionCacheTimeout 300
-SSLMutex file:@l_prefix@/var/apache/log/ssl_mutex
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-# FreeBusy list handling
-RewriteEngine On
-#RewriteLog "/tmp/rewrite.log"
-#RewriteLogLevel 9
-RewriteRule ^/freebusy/([^/]+)\.ifb /freebusy/freebusy.php?uid=$1
-RewriteRule ^/freebusy/([^/]+)\.vfb /freebusy/freebusy.php?uid=$1
-RewriteRule ^/freebusy/([^/]+)\.xfb /freebusy/freebusy.php?uid=$1&extended=1
-RewriteRule ^/freebusy/trigger/(.+)\.pfb /freebusy/pfb.php?folder=$1&cache=0
-RewriteRule ^/freebusy/(.+)\.pfb /freebusy/pfb.php?folder=$1&cache=1
-RewriteRule ^/freebusy/trigger/(.+)\.xpfb /freebusy/pfb.php?folder=$1&cache=0&extended=1
-RewriteRule ^/freebusy/(.+)\.xpfb /freebusy/pfb.php?folder=$1&cache=1&extended=1
-
-<VirtualHost _default_:443>
-SSLEngine on
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-SSLCertificateFile @l_prefix@/etc/kolab/cert.pem
-SSLCertificateKeyFile @l_prefix@/etc/kolab/key.pem
-
-RewriteEngine On
-RewriteOptions inherit
-
-<Files ~ "\.(cgi|shtml|phtml|php4|php3?)$">
- SSLOptions +StdEnvVars
-</Files>
-
-<Directory "@l_prefix@/var/kolab/www/cgi-bin">
- SSLOptions +StdEnvVars
-</Directory>
-
-</VirtualHost>
-
-#<IfModule !mpm_winnt.c>
-#<IfModule !mpm_netware.c>
-#LockFile var/apache/log/accept.lock
-#</IfModule>
-#</IfModule>
-
-#<IfModule !mpm_netware.c>
-#<IfModule !perchild.c>
-#ScoreBoardFile var/apache/log/apache_runtime_status
-#</IfModule>
-#</IfModule>
-
-#<IfModule !mpm_netware.c>
-#PidFile var/apache/run/apache.pid
-#</IfModule>
-
-User @l_nusr@
-Group @l_ngrp@
-
-Timeout 300
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-
-<IfModule prefork.c>
-StartServers 5
-MinSpareServers 5
-MaxSpareServers 10
-MaxClients 150
-MaxRequestsPerChild 0
-</IfModule>
-
-<IfModule worker.c>
-StartServers 2
-MaxClients 150
-MinSpareThreads 25
-MaxSpareThreads 75
-ThreadsPerChild 25
-MaxRequestsPerChild 0
-</IfModule>
-
-<IfModule perchild.c>
-NumServers 5
-StartThreads 5
-MinSpareThreads 5
-MaxSpareThreads 10
-MaxThreadsPerChild 20
-MaxRequestsPerChild 0
-</IfModule>
-
-Listen 80
-Listen 443
-
-
-### Section 2: 'Main' server configuration
-
-ServerAdmin root@localhost
-#ServerName new.host.name:80
-UseCanonicalName Off
-DocumentRoot "@l_prefix@/var/kolab/www"
-
-<Directory />
- Options FollowSymLinks
- AllowOverride None
-</Directory>
-
-#<Directory "@l_prefix@/var/kolab/www">
-# Options Indexes FollowSymLinks
-# AllowOverride None
-# Order allow,deny
-# Allow from all
-#</Directory>
-
-#DirectoryIndex index.html
-AccessFileName .htaccess
-
-<Location />
- ErrorDocument 403 https://@@@fqdnhostname@@@/admin/
+<Location /kolab>
+ ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/admin/
</Location>
+
<Location /fbview>
- ErrorDocument 403 https://@@@fqdnhostname@@@/fbview/
+ ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/fbview/
</Location>
-<Files ~ "^\.ht">
- Order allow,deny
- Deny from all
-</Files>
-
-TypesConfig etc/apache/mime.types
-DefaultType text/plain
-<IfModule mod_mime_magic.c>
- MIMEMagicFile @l_prefix@/etc/apache/mime.magic
+<IfModule mod_dav.c>
+ DavLockDB /var/www/html/kolab/locks/DAVlock
</IfModule>
-HostnameLookups On
-ErrorLog @l_prefix@/var/apache/log/apache-error.log
-LogLevel warn
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-CustomLog @l_prefix@/var/apache/log/apache-access.log common
-
-ServerTokens Full
-ServerSignature On
-
-Alias /icons/ "@l_prefix@/var/kolab/www/icons/"
-
-<Directory "@l_prefix@/var/kolab/www/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-ScriptAlias /cgi-bin/ "@l_prefix@/var/kolab/www/cgi-bin/"
-
-<Directory "@l_prefix@/var/kolab/www/cgi-bin">
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
-</Directory>
-
-DavLockDB @l_prefix@/var/kolab/www/locks/DAVlock
-
-<Location /admin>
- SSLRequireSSL
+<Location /kolab/admin>
+ <IfModule mod_ssl.c>
+ SSLRequireSSL
+ </IfModule>
</Location>
@@@if apache-http@@@
@@@else@@@
-<Location /fbview>
- SSLRequireSSL
+
+<Location /kolab/fbview>
+ <IfModule mod_ssl.c>
+ SSLRequireSSL
+ </IfModule>
</Location>
-<Location /freebusy>
- SSLRequireSSL
+
+<Location /kolab/freebusy>
+ <IfModule mod_ssl.c>
+ SSLRequireSSL
+ </IfModule>
</Location>
@@@endif@@@
-#<Location /freebusy>
-# SSLVerifyClient require
-# SSLVerifyDepth 1
+#<Location /kolab/freebusy>
+# <IfModule mod_ssl.c>
+# SSLVerifyClient require
+# SSLVerifyDepth 1
+# </IfModule>
#ForceType application/x-httpd-php
#</Location>
-<Directory "@l_prefix@/var/kolab/www/freebusy">
- #Dav On
- #Script PUT /freebusy/freebusy.php
+Alias /freebusy /var/www/html/kolab/freebusy
+
+<Directory "/var/www/html/kolab/freebusy">
+ <IfModule mod_dav.c>
+ Dav On
+ </Ifmodule>
+ #Script PUT /kolab/freebusy/freebusy.php
AllowOverride None
Options None
# Disallow for everyone as default
@@ -217,27 +79,34 @@
@@@if apache-allow-unauthenticated-fb@@@
@@@else@@@
AuthType Basic
- AuthName "Kolab Freebusy"
-
- LDAP_Server @@@ldap_ip@@@
- LDAP_Port @@@ldap_port@@@
- Base_DN "@@@base_dn@@@"
- # temporary : openldap changed from 2.1.9 to 2.1.12
- # anonymous bind with dn is nolonger allowed
- # unfortunately mod_auth_ldap seems to exactly do so
- # need to investigate ...
- Bind_DN "@@@php_dn@@@"
- Bind_Pass "@@@php_pw@@@"
- UID_Filter "(|(uid=%u)(mail=%u))"
+ AuthName "Kolab Freebusy (webdav)"
+# <IfModule mod_mm_auth_ldap.c>
+ LDAP_Server @@@ldap_ip@@@
+ LDAP_Port @@@ldap_port@@@
+ Base_DN "@@@base_dn@@@"
+ # temporary : openldap changed from 2.1.9 to 2.1.12
+ # anonymous bind with dn is nolonger allowed
+ # unfortunately mod_auth_ldap seems to exactly do so
+ # need to investigate ...
+ Bind_DN "@@@php_dn@@@"
+ Bind_Pass "@@@php_pw@@@"
+ UID_Filter "(|(uid=%u)(mail=%u))"
+# </IfModule>
@@@endif@@@
- DavMinTimeout 600
+ <IfModule mod_dav.c>
+ DavMinTimeout 600
+ </Ifmodule>
AddDefaultCharset Off
- php_value include_path ".:@l_prefix@/var/kolab/php:@l_prefix@/var/kolab/php/pear:/php/include:@l_prefix@/lib/php"
- #php_admin_flag safe_mode on
+ <IfModule mod_php5.c>
+ php_value include_path ".:/var/www/html/kolab/admin/include:/usr/share/pear"
+ #php_admin_flag safe_mode on
+ </IfModule>
</Directory>
-<Directory "@l_prefix@/var/kolab/www/webcalendar">
- Dav On
+<Directory "/var/www/html/kolab/webcalendar">
+ <IfModule mod_dav.c>
+ Dav On
+ </Ifmodule>
AllowOverride None
Options None
# Disallow for everyone as default
@@ -248,27 +117,34 @@
</Limit>
AuthType Basic
AuthName "Kolab Freebusy (webdav)"
- LDAP_Server @@@ldap_ip@@@
- LDAP_Port @@@ldap_port@@@
- Base_DN "@@@base_dn@@@"
- # temporary : openldap changed from 2.1.9 to 2.1.12
- # anonymous bind with dn is nolonger allowed
- # unfortunately mod_auth_ldap seems to exactly do so
- # need to investigate ...
- Bind_DN "@@@php_dn@@@"
- Bind_Pass "@@@php_pw@@@"
- UID_Filter "(|(uid=%u)(mail=%u))"
- DavMinTimeout 600
+
+# <IfModule mod_mm_auth_ldap.c>
+ LDAP_Server @@@ldap_ip@@@
+ LDAP_Port @@@ldap_port@@@
+ Base_DN "@@@base_dn@@@"
+ # temporary : openldap changed from 2.1.9 to 2.1.12
+ # anonymous bind with dn is nolonger allowed
+ # unfortunately mod_auth_ldap seems to exactly do so
+ # need to investigate ...
+ Bind_DN "@@@php_dn@@@"
+ Bind_Pass "@@@php_pw@@@"
+ UID_Filter "(|(uid=%u)(mail=%u))"
+# </IfModule>
+ <IfModule mod_dav.c>
+ DavMinTimeout 600
+ </Ifmodule>
AddDefaultCharset Off
</Directory>
-<Directory "/kolab/var/kolab/www/fbview">
+<Directory "/var/www/html/kolab/fbview">
AllowOverride All
Allow from all
- php_value include_path ".:@l_prefix@/var/kolab/php:@l_prefix@/var/kolab/php/pear:/php/include:@l_prefix@/lib/php"
+ <IfModule mod_php5.c>
+# php_value include_path ".:/var/www/html/kolab/admin/include:/usr/share/pear"
+ </IfModule>
</Directory>
-<Directory "@l_prefix@/var/kolab/www/admin">
+<Directory "/var/www/html/kolab/admin">
AllowOverride None
Options None
Order allow,deny
@@ -288,118 +164,92 @@
#require valid-user
</Directory>
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-DefaultIcon /icons/unknown.gif
-ReadmeName README.html
-HeaderName HEADER.html
-
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-AddEncoding x-compress Z
-AddEncoding x-gzip gz tgz
-
-AddLanguage da .dk
-AddLanguage nl .nl
-AddLanguage en .en
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage de .de
-AddLanguage he .he
-AddLanguage el .el
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage pl .po
-AddLanguage ko .ko
-AddLanguage pt .pt
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pt-br .pt-br
-AddLanguage ltz .ltz
-AddLanguage ca .ca
-AddLanguage es .es
-AddLanguage sv .se
-AddLanguage cz .cz
-AddLanguage ru .ru
-AddLanguage tw .tw
-AddLanguage zh-tw .tw
-AddLanguage hr .hr
-
-LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw
-#ForceLanguagePriority Prefer Fallback
-
-AddDefaultCharset ISO-8859-1
-
-AddCharset ISO-8859-1 .iso8859-1 .latin1
-AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
-AddCharset ISO-8859-3 .iso8859-3 .latin3
-AddCharset ISO-8859-4 .iso8859-4 .latin4
-AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
-AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
-AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
-AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
-AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
-AddCharset ISO-2022-JP .iso2022-jp .jis
-AddCharset ISO-2022-KR .iso2022-kr .kis
-AddCharset ISO-2022-CN .iso2022-cn .cis
-AddCharset Big5 .Big5 .big5
-AddCharset WINDOWS-1251 .cp-1251 .win-1251
-AddCharset CP866 .cp866
-AddCharset KOI8-r .koi8-r .koi8-ru
-AddCharset KOI8-ru .koi8-uk .ua
-AddCharset ISO-10646-UCS-2 .ucs2
-AddCharset ISO-10646-UCS-4 .ucs4
-AddCharset UTF-8 .utf8
-
-AddCharset GB2312 .gb2312 .gb
-AddCharset utf-7 .utf7
-AddCharset utf-8 .utf8
-AddCharset big5 .big5 .b5
-AddCharset EUC-TW .euc-tw
-AddCharset EUC-JP .euc-jp
-AddCharset EUC-KR .euc-kr
-AddCharset shift_jis .sjis
-
-AddType application/x-tar .tgz
-AddType application/x-httpd-php .php .php4 .php3 .html
-AddType image/x-icon .ico
-AddHandler type-map var
-DirectoryIndex index.php index.php4 index.php3 index.html
-
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+# FreeBusy list handling
+RewriteEngine On
+#RewriteLog "logs/rewrite_log"
+#RewriteLogLevel 9
+RewriteRule ^/kolab/freebusy/([^/]+)\.ifb /kolab/freebusy/freebusy.php?uid=$1
+RewriteRule ^/kolab/freebusy/([^/]+)\.vfb /kolab/freebusy/freebusy.php?uid=$1
+RewriteRule ^/kolab/freebusy/([^/]+)\.xfb /kolab/freebusy/freebusy.php?uid=$1&extended=1
+RewriteRule ^/kolab/freebusy/trigger/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=0
+RewriteRule ^/freebusy/trigger/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=0
+RewriteRule ^/kolab/freebusy/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=1
+RewriteRule ^/kolab/freebusy/trigger/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=0&extended=1
+RewriteRule ^/freebusy/trigger/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=0&extended=1
+RewriteRule ^/kolab/freebusy/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=1&extended=1
+
+<IfModule mod_ssl.c>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+ErrorLog logs/ssl_error_log
-# used for local non Kolab extension
-Include @l_prefix@/etc/apache/apache.local
+<IfModule mod_log_config.c>
+ TransferLog logs/ssl_access_log
+</IfModule>
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+
+SSLEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A test
+# certificate can be generated with `make certificate' under
+# built time. Keep in mind that if you've both a RSA and a DSA
+# certificate you can configure both in parallel (to also allow
+# the use of DSA ciphers, etc.)
+
+SSLCertificateFile /etc/kolab/cert.pem
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+
+SSLCertificateKeyFile /etc/kolab/key.pem
+
+<Files ~ "\.(cgi|shtml|phtml|php?)$">
+ SSLOptions +StdEnvVars
+</Files>
+
+<Directory "/var/www/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+
+<IfModule mod_setenvif.c>
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+</IfModule>
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+
+<IfModule mod_log_config.c>
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</IfModule>
+
+<IfModule mod_rewrite.c>
+ RewriteEngine On
+ RewriteOptions inherit
+</IfModule>
+
+</VirtualHost>
+
+</IfModule>
