--- templates/httpd.conf.template.orig 2005-08-17 07:31:16.000000000 -0400
+++ templates/httpd.conf.template 2005-08-17 07:32:21.000000000 -0400
@@ -1,7 +1,7 @@
 KOLAB_META_START
-TARGET=@l_prefix@/etc/apache/apache.conf
+TARGET=/etc/httpd/modules.d/41_mod_ssl.default-vhost.conf
 PERMISSIONS=0640
-OWNERSHIP=@l_musr@:@l_ngrp@
+OWNERSHIP=root:root
 KOLAB_META_END
 # (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
 # (c) 2003 Martin Konold <martin.konold@erfrakon.de>
@@ -12,197 +12,59 @@ # this file is automatically written by the Kolab config backend # manual additions are lost unless made to the template in the Kolab config directory -### Section 1: Global Environment -ServerRoot "@l_prefix@" +# until this ldap module can deal gracefuly with connections +# that were dropped by the ldap server (either because it was +# restarted or because idletimeout was hit) +LDAP_Persistent_G off -# do not require SSL as default for now -SSLVerifyClient none -#SSLCACertificateFile @l_prefix@/etc/kolab/server.pem -SSLSessionCache dbm:@l_prefix@/var/apache/log/ssl_scache -SSLSessionCacheTimeout 300 -SSLMutex file:@l_prefix@/var/apache/log/ssl_mutex -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - -# FreeBusy list handling -RewriteEngine On -#RewriteLog "/tmp/rewrite.log" -#RewriteLogLevel 9 -RewriteRule ^/freebusy/([^/]+)\.ifb /freebusy/freebusy.php?uid=$1 -RewriteRule ^/freebusy/([^/]+)\.vfb /freebusy/freebusy.php?uid=$1 -RewriteRule ^/freebusy/([^/]+)\.xfb /freebusy/freebusy.php?uid=$1&extended=1 -RewriteRule ^/freebusy/trigger/(.+)\.pfb /freebusy/pfb.php?folder=$1&cache=0 -RewriteRule ^/freebusy/(.+)\.pfb /freebusy/pfb.php?folder=$1&cache=1 -RewriteRule ^/freebusy/trigger/(.+)\.xpfb /freebusy/pfb.php?folder=$1&cache=0&extended=1 -RewriteRule ^/freebusy/(.+)\.xpfb /freebusy/pfb.php?folder=$1&cache=1&extended=1 - -<VirtualHost _default_:443> -SSLEngine on -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL -SSLCertificateFile @l_prefix@/etc/kolab/cert.pem -SSLCertificateKeyFile @l_prefix@/etc/kolab/key.pem - -RewriteEngine On -RewriteOptions inherit - -<Files ~ "\.(cgi|shtml|phtml|php4|php3?)$"> - SSLOptions +StdEnvVars -</Files> - -<Directory "@l_prefix@/var/kolab/www/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -</VirtualHost> - -#<IfModule !mpm_winnt.c> -#<IfModule !mpm_netware.c> -#LockFile var/apache/log/accept.lock -#</IfModule> -#</IfModule> - -#<IfModule !mpm_netware.c> -#<IfModule 
!perchild.c> -#ScoreBoardFile var/apache/log/apache_runtime_status -#</IfModule> -#</IfModule> - -#<IfModule !mpm_netware.c> -#PidFile var/apache/run/apache.pid -#</IfModule> - -User @l_nusr@ -Group @l_ngrp@ - -Timeout 300 -KeepAlive On -MaxKeepAliveRequests 100 -KeepAliveTimeout 15 - -<IfModule prefork.c> -StartServers 5 -MinSpareServers 5 -MaxSpareServers 10 -MaxClients 150 -MaxRequestsPerChild 0 -</IfModule> - -<IfModule worker.c> -StartServers 2 -MaxClients 150 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 -</IfModule> - -<IfModule perchild.c> -NumServers 5 -StartThreads 5 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxThreadsPerChild 20 -MaxRequestsPerChild 0 -</IfModule> - -Listen 80 -Listen 443 - - -### Section 2: 'Main' server configuration - -ServerAdmin root@localhost -#ServerName new.host.name:80 -UseCanonicalName Off -DocumentRoot "@l_prefix@/var/kolab/www" - -<Directory /> - Options FollowSymLinks - AllowOverride None -</Directory> - -#<Directory "@l_prefix@/var/kolab/www"> -# Options Indexes FollowSymLinks -# AllowOverride None -# Order allow,deny -# Allow from all -#</Directory> - -#DirectoryIndex index.html -AccessFileName .htaccess - -<Location /> - ErrorDocument 403 https://@@@fqdnhostname@@@/admin/ +<Location /kolab> + ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/admin/ </Location> + <Location /fbview> - ErrorDocument 403 https://@@@fqdnhostname@@@/fbview/ + ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/fbview/ </Location> -<Files ~ "^\.ht"> - Order allow,deny - Deny from all -</Files> - -TypesConfig etc/apache/mime.types -DefaultType text/plain -<IfModule mod_mime_magic.c> - MIMEMagicFile @l_prefix@/etc/apache/mime.magic +<IfModule mod_dav.c> + DavLockDB /var/www/html/kolab/locks/DAVlock </IfModule> -HostnameLookups On -ErrorLog @l_prefix@/var/apache/log/apache-error.log -LogLevel warn -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s 
%b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -CustomLog @l_prefix@/var/apache/log/apache-access.log common - -ServerTokens Full -ServerSignature On - -Alias /icons/ "@l_prefix@/var/kolab/www/icons/" - -<Directory "@l_prefix@/var/kolab/www/icons"> - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all -</Directory> - -ScriptAlias /cgi-bin/ "@l_prefix@/var/kolab/www/cgi-bin/" - -<Directory "@l_prefix@/var/kolab/www/cgi-bin"> - AllowOverride None - Options None - Order allow,deny - Allow from all -</Directory> - -DavLockDB @l_prefix@/var/kolab/www/locks/DAVlock - -<Location /admin> - SSLRequireSSL +<Location /kolab/admin> + <IfModule mod_ssl.c> + SSLRequireSSL + </IfModule> </Location> @@@if apache-http@@@ @@@else@@@ -<Location /fbview> - SSLRequireSSL + +<Location /kolab/fbview> + <IfModule mod_ssl.c> + SSLRequireSSL + </IfModule> </Location> -<Location /freebusy> - SSLRequireSSL + +<Location /kolab/freebusy> + <IfModule mod_ssl.c> + SSLRequireSSL + </IfModule> </Location> @@@endif@@@ -#<Location /freebusy> -# SSLVerifyClient require -# SSLVerifyDepth 1 +#<Location /kolab/freebusy> +# <IfModule mod_ssl.c> +# SSLVerifyClient require +# SSLVerifyDepth 1 +# </IfModule> #ForceType application/x-httpd-php #</Location> -<Directory "@l_prefix@/var/kolab/www/freebusy"> - #Dav On - #Script PUT /freebusy/freebusy.php +Alias /freebusy /var/www/html/kolab/freebusy + +<Directory "/var/www/html/kolab/freebusy"> + <IfModule mod_dav.c> + Dav On + </Ifmodule> + #Script PUT /kolab/freebusy/freebusy.php AllowOverride None Options None # Disallow for everyone as default 
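Review bot: Wrapping `SSLRequireSSL` in `<IfModule mod_ssl.c>` for `/kolab/admin`, `/kolab/fbview` and `/kolab/freebusy` makes the TLS requirement fail open: if mod_ssl is not loaded, the directive is skipped silently and these locations are served over plain HTTP, although at least the freebusy directory uses Basic authentication later in the diff. Leave the directive unguarded inside each `<Location>` (a bare `SSLRequireSSL` line) so that a missing module stops the server at startup instead. The same hunk adds `DavLockDB /var/www/html/kolab/locks/DAVlock`, which appears to sit under the served tree; a path outside the document root would be safer. The `<Directory "/var/www/html/kolab/freebusy">` block opened at the end of this hunk continues outside it.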
@@ -217,27 +79,34 @@ @@@if apache-allow-unauthenticated-fb@@@ @@@else@@@ AuthType Basic - AuthName "Kolab Freebusy" - - LDAP_Server @@@ldap_ip@@@ - LDAP_Port @@@ldap_port@@@ - Base_DN "@@@base_dn@@@" - # temporary : openldap changed from 2.1.9 to 2.1.12 - # anonymous bind with dn is nolonger allowed - # unfortunately mod_auth_ldap seems to exactly do so - # need to investigate ... - Bind_DN "@@@php_dn@@@" - Bind_Pass "@@@php_pw@@@" - UID_Filter "(|(uid=%u)(mail=%u))" + AuthName "Kolab Freebusy (webdav)" +# <IfModule mod_mm_auth_ldap.c> + LDAP_Server @@@ldap_ip@@@ + LDAP_Port @@@ldap_port@@@ + Base_DN "@@@base_dn@@@" + # temporary : openldap changed from 2.1.9 to 2.1.12 + # anonymous bind with dn is nolonger allowed + # unfortunately mod_auth_ldap seems to exactly do so + # need to investigate ... + Bind_DN "@@@php_dn@@@" + Bind_Pass "@@@php_pw@@@" + UID_Filter "(|(uid=%u)(mail=%u))" +# </IfModule> @@@endif@@@ - DavMinTimeout 600 + <IfModule mod_dav.c> + DavMinTimeout 600 + </Ifmodule> AddDefaultCharset Off - php_value include_path ".:@l_prefix@/var/kolab/php:@l_prefix@/var/kolab/php/pear:/php/include:@l_prefix@/lib/php" - #php_admin_flag safe_mode on + <IfModule mod_php5.c> + php_value include_path ".:/var/www/html/kolab/admin/include:/usr/share/pear" + #php_admin_flag safe_mode on + </IfModule> </Directory> -<Directory "@l_prefix@/var/kolab/www/webcalendar"> - Dav On +<Directory "/var/www/html/kolab/webcalendar"> + <IfModule mod_dav.c> + Dav On + </Ifmodule> AllowOverride None Options None # Disallow for everyone as default 
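Review bot: With `Dav On` now active for `/var/www/html/kolab/freebusy` (enabled in the preceding hunk) and `freebusy.php` / `pfb.php` served from that same directory, any client permitted to use DAV write methods can store content where the PHP handler will execute it. When `apache-allow-unauthenticated-fb` is set, this block emits no authentication directives at all, so the only barrier is the `<Limit>` section, which lies outside the hunk and should be checked. Consider keeping DAV off here, or confining it to a separate upload directory with `php_admin_flag engine off` and write methods restricted through `<LimitExcept GET HEAD OPTIONS>` with `Require valid-user`.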
@@ -248,27 +117,34 @@ </Limit> AuthType Basic AuthName "Kolab Freebusy (webdav)" - LDAP_Server @@@ldap_ip@@@ - LDAP_Port @@@ldap_port@@@ - Base_DN "@@@base_dn@@@" - # temporary : openldap changed from 2.1.9 to 2.1.12 - # anonymous bind with dn is nolonger allowed - # unfortunately mod_auth_ldap seems to exactly do so - # need to investigate ... - Bind_DN "@@@php_dn@@@" - Bind_Pass "@@@php_pw@@@" - UID_Filter "(|(uid=%u)(mail=%u))" - DavMinTimeout 600 + +# <IfModule mod_mm_auth_ldap.c> + LDAP_Server @@@ldap_ip@@@ + LDAP_Port @@@ldap_port@@@ + Base_DN "@@@base_dn@@@" + # temporary : openldap changed from 2.1.9 to 2.1.12 + # anonymous bind with dn is nolonger allowed + # unfortunately mod_auth_ldap seems to exactly do so + # need to investigate ... + Bind_DN "@@@php_dn@@@" + Bind_Pass "@@@php_pw@@@" + UID_Filter "(|(uid=%u)(mail=%u))" +# </IfModule> + <IfModule mod_dav.c> + DavMinTimeout 600 + </Ifmodule> AddDefaultCharset Off </Directory> -<Directory "/kolab/var/kolab/www/fbview"> +<Directory "/var/www/html/kolab/fbview"> AllowOverride All Allow from all - php_value include_path ".:@l_prefix@/var/kolab/php:@l_prefix@/var/kolab/php/pear:/php/include:@l_prefix@/lib/php" + <IfModule mod_php5.c> +# php_value include_path ".:/var/www/html/kolab/admin/include:/usr/share/pear" + </IfModule> </Directory> -<Directory "@l_prefix@/var/kolab/www/admin"> +<Directory "/var/www/html/kolab/admin"> AllowOverride None Options None Order allow,deny 
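Review bot: The `# <IfModule mod_mm_auth_ldap.c>` / `# </IfModule>` pair is left commented out in the webcalendar block (and in the freebusy block of the preceding hunk) with no explanation. Leaving the LDAP directives unguarded is the safer form, because a missing auth module then fails at startup rather than silently dropping the directives, so either delete the dead lines or state the intent, e.g. `# no IfModule guard on purpose: startup must fail if the LDAP auth module is absent`. The `<IfModule mod_php5.c>` block added under `/var/www/html/kolab/fbview` now wraps only a commented-out `php_value` and can be removed too.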
@@ -288,118 +164,92 @@ #require valid-user </Directory> -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -DefaultIcon /icons/unknown.gif -ReadmeName README.html -HeaderName HEADER.html - -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -AddEncoding x-compress Z -AddEncoding x-gzip gz tgz - -AddLanguage da .dk -AddLanguage nl .nl -AddLanguage en .en -AddLanguage et .et -AddLanguage fr .fr -AddLanguage de .de -AddLanguage he .he -AddLanguage el .el -AddLanguage it .it -AddLanguage ja .ja -AddLanguage pl .po -AddLanguage ko .ko -AddLanguage pt .pt -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pt-br .pt-br -AddLanguage ltz .ltz -AddLanguage ca .ca -AddLanguage es .es -AddLanguage sv .se -AddLanguage cz .cz -AddLanguage ru .ru -AddLanguage tw .tw -AddLanguage zh-tw .tw -AddLanguage hr .hr - -LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw -#ForceLanguagePriority Prefer Fallback - -AddDefaultCharset ISO-8859-1 - -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset 
ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb -AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk -AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb -AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-8 .utf8 - -AddCharset GB2312 .gb2312 .gb -AddCharset utf-7 .utf7 -AddCharset utf-8 .utf8 -AddCharset big5 .big5 .b5 -AddCharset EUC-TW .euc-tw -AddCharset EUC-JP .euc-jp -AddCharset EUC-KR .euc-kr -AddCharset shift_jis .sjis - -AddType application/x-tar .tgz -AddType application/x-httpd-php .php .php4 .php3 .html -AddType image/x-icon .ico -AddHandler type-map var -DirectoryIndex index.php index.php4 index.php3 index.html - -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +# FreeBusy list handling +RewriteEngine On +#RewriteLog "logs/rewrite_log" +#RewriteLogLevel 9 +RewriteRule ^/kolab/freebusy/([^/]+)\.ifb /kolab/freebusy/freebusy.php?uid=$1 +RewriteRule ^/kolab/freebusy/([^/]+)\.vfb /kolab/freebusy/freebusy.php?uid=$1 +RewriteRule ^/kolab/freebusy/([^/]+)\.xfb /kolab/freebusy/freebusy.php?uid=$1&extended=1 +RewriteRule ^/kolab/freebusy/trigger/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=0 +RewriteRule 
^/freebusy/trigger/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=0 +RewriteRule ^/kolab/freebusy/(.+)\.pfb /kolab/freebusy/pfb.php?folder=$1&cache=1 +RewriteRule ^/kolab/freebusy/trigger/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=0&extended=1 +RewriteRule ^/freebusy/trigger/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=0&extended=1 +RewriteRule ^/kolab/freebusy/(.+)\.xpfb /kolab/freebusy/pfb.php?folder=$1&cache=1&extended=1 + +<IfModule mod_ssl.c> + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +ErrorLog logs/ssl_error_log -# used for local non Kolab extension -Include @l_prefix@/etc/apache/apache.local +<IfModule mod_log_config.c> + TransferLog logs/ssl_access_log +</IfModule> + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. + +SSLEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. + +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A test +# certificate can be generated with `make certificate' under +# built time. Keep in mind that if you've both a RSA and a DSA +# certificate you can configure both in parallel (to also allow +# the use of DSA ciphers, etc.) + +SSLCertificateFile /etc/kolab/cert.pem + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) 
+ +SSLCertificateKeyFile /etc/kolab/key.pem + +<Files ~ "\.(cgi|shtml|phtml|php?)$"> + SSLOptions +StdEnvVars +</Files> + +<Directory "/var/www/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +<IfModule mod_setenvif.c> + SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +</IfModule> + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. + +<IfModule mod_log_config.c> +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +</IfModule> + +<IfModule mod_rewrite.c> + RewriteEngine On + RewriteOptions inherit +</IfModule> + +</VirtualHost> + +</IfModule>
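Review bot: The `SSLCipherSuite` carried into the new `<VirtualHost _default_:443>` still ends in `+LOW:+SSLv2:+EXP:+eNULL`, which keeps export-grade, SSLv2 and null-encryption suites negotiable on the host that fronts the admin interface and the Basic-auth protected DAV directories. Restrict it, for example `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW` together with `SSLProtocol all -SSLv2 -SSLv3`, adjusted to what the installed mod_ssl/OpenSSL supports. The added rules for `^/freebusy/trigger/(.+)\.pfb` and `.xpfb` without the `/kolab` prefix would also benefit from a comment such as `# legacy un-prefixed trigger URLs kept for older clients`, if that is the intent.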