Compare commits
501 Commits
57d3ef9c28
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
7087dd53d0
|
|||
|
27cc36f9c0
|
|||
|
f68466907f
|
|||
|
b252c2c087
|
|||
|
89b357473a
|
|||
|
2e371b2db9
|
|||
|
4de083c8d2
|
|||
|
f3aaebf592
|
|||
| 63f1d8d6ee | |||
|
a1a4d87dc1
|
|||
| 0462696924 | |||
| 36de5666db | |||
|
94152ff0a5
|
|||
| 838bad1300 | |||
|
cf8ae92948
|
|||
| 83224591b7 | |||
|
fb9049ac39
|
|||
| 08e90b0575 | |||
|
395eab01c1
|
|||
| 568c8cbfcb | |||
|
539b7449e4
|
|||
|
0adb7aa903
|
|||
| 8483bbcb73 | |||
|
9ef481c25a
|
|||
| 3f09035a63 | |||
|
6c9d76d918
|
|||
| baa7465647 | |||
|
85ad2f175d
|
|||
| 3c0a44708e | |||
|
af736db201
|
|||
| 9db37ca20b | |||
|
4cbe55a56e
|
|||
| 172767a8e7 | |||
|
60a96a7c97
|
|||
| 5bfeec4ba5 | |||
|
88133e84ee
|
|||
| e1a12cf5c8 | |||
|
9db90c39bd
|
|||
|
bd5905bbb3
|
|||
|
e175a5c852
|
|||
|
a563b361e1
|
|||
|
4b375916e2
|
|||
|
36b5be7369
|
|||
|
c29646f24a
|
|||
|
8152f1d311
|
|||
|
1c15a25444
|
|||
|
2f6473b772
|
|||
|
293b4727cb
|
|||
|
305a3e80d2
|
|||
|
5b2ee333be
|
|||
|
71b6eab350
|
|||
|
1a75050dad
|
|||
|
d6d3b5082d
|
|||
|
2fc15e207f
|
|||
|
ad769d179b
|
|||
|
5446d0b5ef
|
|||
|
9248d2abdd
|
|||
|
50a7fc890b
|
|||
|
acd8e76016
|
|||
|
57da1d7fc2
|
|||
|
6482720e07
|
|||
|
0ef76f1fa7
|
|||
|
3f3134b5fb
|
|||
|
9a0c1a47ac
|
|||
|
5a25bae549
|
|||
|
28bb67975e
|
|||
|
39e701a0bf
|
|||
|
c729488227
|
|||
|
f5a298855e
|
|||
|
193211d349
|
|||
|
0238e60a16
|
|||
|
c174ca7288
|
|||
|
8e3cf35e1e
|
|||
|
11873ee36f
|
|||
|
77673cda04
|
|||
|
a019a68558
|
|||
|
f1fc80e5de
|
|||
|
d0314b6c52
|
|||
|
f73b0d0ce9
|
|||
|
a773ec408c
|
|||
|
924f228367
|
|||
|
f579967979
|
|||
|
5954185834
|
|||
|
353de9c1c0
|
|||
|
1a64c362be
|
|||
|
dc6c08c0e5
|
|||
|
b1dc671bfb
|
|||
|
4fed9b890a
|
|||
|
2123bb245a
|
|||
|
c666df190f
|
|||
|
01fd1164f1
|
|||
|
8d8b193c53
|
|||
|
0c5e392b05
|
|||
|
cdcdbb2ed9
|
|||
|
ab65d4e8ae
|
|||
|
b5f010a759
|
|||
|
17b4f96aca
|
|||
|
d5f19143df
|
|||
|
7da224190f
|
|||
|
a842699a00
|
|||
|
d2118f40bb
|
|||
|
c082b8b488
|
|||
|
113cc38efb
|
|||
|
42ecc990c6
|
|||
|
0d874aa552
|
|||
|
3c7230d4ca
|
|||
|
275108fa53
|
|||
|
c0e00c75cf
|
|||
|
4a832edef1
|
|||
|
059e196640
|
|||
|
d52ede16fb
|
|||
|
66a573a0dd
|
|||
|
9779d19380
|
|||
|
bec2e5b2dc
|
|||
|
66d4614a90
|
|||
|
419583f9f2
|
|||
|
49d83a4c6f
|
|||
|
192cf375f5
|
|||
|
9fa1ad54c2
|
|||
|
183027fbb6
|
|||
|
ea77c33716
|
|||
|
a210d4edeb
|
|||
|
203a761e03
|
|||
|
e1348b867a
|
|||
|
fd3017e27f
|
|||
|
113904a846
|
|||
|
520600d269
|
|||
|
e63f531589
|
|||
|
974a3d1216
|
|||
|
41aa8840b0
|
|||
|
c4d5eebcc7
|
|||
|
73725a8751
|
|||
|
476c3cd8e6
|
|||
|
0c15c19e1a
|
|||
|
793bb71a10
|
|||
|
ec1f7ecb96
|
|||
|
0c2b0d36a7
|
|||
|
f2d14ca067
|
|||
|
7fd1b46cdc
|
|||
|
eb23188dd3
|
|||
|
1cd45c85b5
|
|||
|
6fef597574
|
|||
|
9e04b8ccd3
|
|||
|
8c812db480
|
|||
|
25224177e4
|
|||
|
bc3ffbcc22
|
|||
|
9246884969
|
|||
|
3d1858e0f6
|
|||
|
e10559639a
|
|||
|
4f03179cc9
|
|||
|
2937eba7c2
|
|||
|
8b76150d81
|
|||
|
aedb945e7f
|
|||
|
a48f4cdd85
|
|||
|
7631ea72d1
|
|||
|
60e0cd205e
|
|||
|
9d78bd48b5
|
|||
|
5bcb268847
|
|||
|
0694ecd59d
|
|||
|
18c15c9244
|
|||
|
bdc43cd20e
|
|||
|
9646e3da30
|
|||
|
67f0221bf2
|
|||
|
4abec6bf41
|
|||
|
1114295b03
|
|||
|
8027ac05cd
|
|||
|
59cd41be51
|
|||
|
e5051ae34b
|
|||
|
0a3a3e4cee
|
|||
|
0c312ee0ad
|
|||
|
6b0d26252a
|
|||
|
58308107f6
|
|||
|
e936ecdc5c
|
|||
|
7a636a88f5
|
|||
|
1e98a0efe0
|
|||
|
eab3b1d59f
|
|||
|
ec4475ef23
|
|||
|
f5b1d66dd8
|
|||
|
6f988d5ff6
|
|||
|
09c04ae777
|
|||
| 5bd97e9e5f | |||
| bd41187b01 | |||
| 91a0860cab | |||
| 3db2f145e1 | |||
| c34674b5ca | |||
| 33b0341beb | |||
| c015468b2b | |||
| d6b0136276 | |||
| 62f81512ff | |||
| bc6f38718c | |||
| d22f3f2de1 | |||
| fe22263513 | |||
| 7d418da8ca | |||
| 14db4fad95 | |||
| d462b3b699 | |||
| ca0c57e1da | |||
| 4494865cf1 | |||
| aaf12b9219 | |||
| b61fe8cbee | |||
| 24294e708b | |||
| 01268bb64a | |||
| 3c05905e14 | |||
| 30c82829f9 | |||
| 01481b534e | |||
| 0a788d5c4e | |||
| fb33253be6 | |||
| a572436625 | |||
| 897ac478f8 | |||
| 449ac77df7 | |||
| 32a3492500 | |||
| 45434263c7 | |||
| 3b09858b0b | |||
| 4699743c4a | |||
| 6d5ccdd2a9 | |||
| 55e38f3370 | |||
| 8c76747370 | |||
| 1b3c90507a | |||
| 768615cb01 | |||
| 064eecaec1 | |||
| 8d8bde9e42 | |||
| 2f3cb187cb | |||
| de222f0b71 | |||
| 3c08bb8731 | |||
| f738c0dc4e | |||
| 0f7139b21c | |||
| 4f178ab4f7 | |||
| 59a2c9016e | |||
| 8de48b63e3 | |||
| 9f2438be2a | |||
| a75d3705a0 | |||
| f8cd1efdde | |||
| f57348cc45 | |||
| ca44b445ef | |||
| e9c254c148 | |||
| 3c4d4cc12e | |||
| 3c832c288a | |||
| 902503f4be | |||
| 9df440a3c8 | |||
| 468e659595 | |||
| a548a58cf1 | |||
| 2423792139 | |||
| a74dada79b | |||
| 2b8677576e | |||
| 6f4c0451aa | |||
| 84b037cefc | |||
| a5c6801ad7 | |||
| 8f9d47c270 | |||
| 836c35a84c | |||
| 604da46a69 | |||
| 7cfd49d9bd | |||
| 8bbde0bc6c | |||
| 0e1fc1c14e | |||
| 27675b6d82 | |||
| 453139388d | |||
| bb980765cb | |||
| 05a0b4ac68 | |||
| 7157119b8d | |||
| 831cc21cd4 | |||
| 34b8bb07f9 | |||
| 40e361c1c9 | |||
| 07ea5cf6af | |||
| f7b8f6545b | |||
| d54a1c74c5 | |||
| 3396998630 | |||
| 30ef8ff18c | |||
| 0b377009a5 | |||
| e0dc7e1790 | |||
| 79e6e39112 | |||
| 79e617c55d | |||
| 021765352d | |||
| 4f701c013c | |||
| 8f327b04b3 | |||
| 4395b8034c | |||
| 9d469289ed | |||
| bfeff44109 | |||
| 4b8be1a112 | |||
| 6767bdf12c | |||
| 7e4dc6b245 | |||
| b9a9e862b6 | |||
| 7ede9e4031 | |||
| e6f243b079 | |||
| 13ea9c20a6 | |||
| 59f69534e2 | |||
| cbe3404f2a | |||
| cb9777f216 | |||
| c7cb38303f | |||
| 507bd00b99 | |||
| 351cffc637 | |||
| 15d5568b32 | |||
| c926e408dc | |||
| f4e0e923b2 | |||
| f4bb7b9d03 | |||
| 08005d5724 | |||
| 8acf75dc15 | |||
| d6be779113 | |||
| d3988b8431 | |||
| d2fa1b290a | |||
| 2e8186b540 | |||
| e1a6e3fd4a | |||
| 29bf5948f1 | |||
| 3173c6094d | |||
| 176a30e31e | |||
| f4151abc3f | |||
| 9ef51a9b8c | |||
| 9b30664a41 | |||
| a65428816e | |||
| 23aece35e1 | |||
| c5bcae71fd | |||
| 35bbd1bfff | |||
| f9fe1a6a14 | |||
| 259dde90c1 | |||
| 295b7370df | |||
| 4277d871a3 | |||
| 8b2c86621b | |||
| 12f9044e69 | |||
| 36767edf90 | |||
| 7b00fd5fac | |||
| 4928db6267 | |||
| bba5e273ae | |||
| af25b749ec | |||
| d2346d4a65 | |||
| 619ca21f11 | |||
| 7b2045732f | |||
| ad92ecfd9c | |||
| 4201b004b6 | |||
| f2a99b77e4 | |||
| aa8b1bb570 | |||
| fb20466233 | |||
| 8b6d6da294 | |||
| 0dcbfa4174 | |||
| 347828a868 | |||
| 95d11db007 | |||
| e07ff951fb | |||
| 1daa22d767 | |||
| e7eac95453 | |||
| a0cf50b7cf | |||
| d70b23b0b1 | |||
| 872f7633a0 | |||
| e15987f2dc | |||
| 752468e5d9 | |||
| 1047752534 | |||
| 248787e188 | |||
| 2c34983602 | |||
| 70917f630e | |||
| e5a385e5c8 | |||
| d8d40835be | |||
| 371783897f | |||
| 1a8d3e7ae2 | |||
| a8273b4d99 | |||
| 213d4ec8b1 | |||
| d10cc5a79f | |||
| 5a340fb3c3 | |||
| 7271471109 | |||
| 621799043d | |||
| 90d39f1432 | |||
| 1d2581a005 | |||
| 18b6cd938a | |||
| 394574d6b6 | |||
| dd1e9458c5 | |||
| 94deb71dab | |||
| e1d048dd8d | |||
| 7e157eb9a7 | |||
| 7329cbaa44 | |||
| 8b2a993fb0 | |||
| 6dbde96153 | |||
| 69907dd4fb | |||
| 63a6c56919 | |||
| 0d06d4feae | |||
| e10558c076 | |||
| 3c73d234ad | |||
| 4777716237 | |||
| a9ce587c21 | |||
| 754ce4a6f8 | |||
| b6e25d1ab8 | |||
| 4afbe76369 | |||
| d92c35b296 | |||
| 484346789e | |||
| 60dc1383f3 | |||
| fa635f3cc8 | |||
| 49442dfa6a | |||
| 8e6874a645 | |||
| 3e29276429 | |||
| cd054ce5a0 | |||
| 66da6f9302 | |||
| 7f1aac64a6 | |||
| aef5751b3f | |||
| 3defbfe501 | |||
| 0d86887899 | |||
| b11e54e88b | |||
| 4a889a31bc | |||
| a9347ec487 | |||
| 420e97b8d6 | |||
| 886d31cb78 | |||
| f4c2ef5dde | |||
| 186ac87325 | |||
| 7e4eab3cbf | |||
| 580805bc34 | |||
| 1ed6bd0ccb | |||
| bdd06e2d44 | |||
| 14e33ecc87 | |||
| 38fbd29350 | |||
| 0b5a7c157a | |||
| 2d8095dc64 | |||
| 7c24efe69b | |||
| 8bb7f19527 | |||
| 397d014d4c | |||
| fe3c5c948f | |||
| 14439f2f9e | |||
| a20e2cbf82 | |||
| 6c89af9f26 | |||
| 9053f02dbd | |||
| d1902220d6 | |||
| 87b2934cba | |||
| 8147f41d6f | |||
| 329e5bd68e | |||
| 9f589ee5ce | |||
| 4e58508b8e | |||
| f6031f74d1 | |||
| ea082eab65 | |||
| fcba030a5b | |||
| 31ae9def96 | |||
| 0d9bccd369 | |||
| 450a362e9f | |||
| 63660c95f0 | |||
| 16aeded91d | |||
| f12170f031 | |||
| 4e82652606 | |||
| 18a82ac36e | |||
| 61e76737ba | |||
| 7db6a00d70 | |||
| 4bbb6e16a8 | |||
| e1b7a0b28f | |||
| 86236c17a4 | |||
| 55a0e76641 | |||
| ba7bbb305b | |||
| 91be16608b | |||
| 7cbfac9fb7 | |||
| d78755b196 | |||
| e146fc8397 | |||
| 520c438433 | |||
| 4b7de6cda5 | |||
| 768cf6bf1d | |||
| fd4875440f | |||
| ae91989756 | |||
| 13f2a91b00 | |||
| 97cc4c6286 | |||
| 5137d9839e | |||
| b5514e9415 | |||
| f60ec08a4f | |||
| 3bddbe8573 | |||
| 0d61ddd2a1 | |||
| 59f3b848e2 | |||
| c72d7ff9d8 | |||
| ee27479396 | |||
| 4250f753ea | |||
| d14565866d | |||
| c8b1b6c7b2 | |||
| 09f6c8352b | |||
| 389d6a4fd0 | |||
| b34ccb2b07 | |||
| 27309a8ab2 | |||
| fd1f6b3146 | |||
| c866bbaf4f | |||
| d9e6d0a540 | |||
| 2b57a5b9d8 | |||
| cf0ccf3489 | |||
| adc37067c7 | |||
| f24025b1de | |||
| 8dc0c8f81a | |||
| f0c8c9849e | |||
| 3959e8c2f5 | |||
| 1dd8dc5afb | |||
| 62c8c6478b | |||
| 564bb8fd79 | |||
| 788289d494 | |||
| 057032f6b2 | |||
| 6865134483 | |||
| e253c47116 | |||
| 579032189f | |||
| 47ad64d5e1 | |||
| 48187d8b97 | |||
| 4cec4cdb7b | |||
| 67c0140d73 | |||
| 8e629398fe | |||
| 8ca2fbb2aa | |||
| fd6c89c509 | |||
| a1ed1e9cad | |||
| d467e24cb5 | |||
| 10f0aab8f1 | |||
| bcb557d117 | |||
| c7224ff7b5 | |||
| 4cee19dc73 | |||
| 7d73100790 | |||
| e640cbddc0 | |||
| 05005fb2b7 | |||
| f3cc4d6451 | |||
| 261e05480f | |||
| 193f933e1c | |||
| eb7f4905f5 | |||
| 90a7d2c631 | |||
| 07ea4550a0 |
@@ -0,0 +1,404 @@
|
||||
Attribution-NonCommercial-NoDerivatives 4.0 International
|
||||
|
||||
=======================================================================
|
||||
|
||||
Creative Commons Corporation ("Creative Commons") is not a law firm and
|
||||
does not provide legal services or legal advice. Distribution of
|
||||
Creative Commons public licenses does not create a lawyer-client or
|
||||
other relationship. Creative Commons makes its licenses and related
|
||||
information available on an "as-is" basis. Creative Commons gives no
|
||||
warranties regarding its licenses, any material licensed under their
|
||||
terms and conditions, or any related information. Creative Commons
|
||||
disclaims all liability for damages resulting from their use to the
|
||||
fullest extent possible.
|
||||
|
||||
Using Creative Commons Public Licenses
|
||||
|
||||
Creative Commons public licenses provide a standard set of terms and
|
||||
conditions that creators and other rights holders may use to share
|
||||
original works of authorship and other material subject to copyright
|
||||
and certain other rights specified in the public license below. The
|
||||
following considerations are for informational purposes only, are not
|
||||
exhaustive, and do not form part of our licenses.
|
||||
|
||||
Considerations for licensors: Our public licenses are
|
||||
intended for use by those authorized to give the public
|
||||
permission to use material in ways otherwise restricted by
|
||||
copyright and certain other rights. Our licenses are
|
||||
irrevocable. Licensors should read and understand the terms
|
||||
and conditions of the license they choose before applying it.
|
||||
Licensors should also secure all rights necessary before
|
||||
applying our licenses so that the public can reuse the
|
||||
material as expected. Licensors should clearly mark any
|
||||
material not subject to the license. This includes other CC-
|
||||
licensed material, or material used under an exception or
|
||||
limitation to copyright. More considerations for licensors:
|
||||
wiki.creativecommons.org/Considerations_for_licensors
|
||||
|
||||
Considerations for the public: By using one of our public
|
||||
licenses, a licensor grants the public permission to use the
|
||||
licensed material under specified terms and conditions. If
|
||||
the licensor's permission is not necessary for any reason--for
|
||||
example, because of any applicable exception or limitation to
|
||||
copyright--then that use is not regulated by the license. Our
|
||||
licenses grant only permissions under copyright and certain
|
||||
other rights that a licensor has authority to grant. Use of
|
||||
the licensed material may still be restricted for other
|
||||
reasons, including because others have copyright or other
|
||||
rights in the material. A licensor may make special requests,
|
||||
such as asking that all changes be marked or described.
|
||||
Although not required by our licenses, you are encouraged to
|
||||
respect those requests where reasonable. More considerations
|
||||
for the public:
|
||||
wiki.creativecommons.org/Considerations_for_licensees
|
||||
|
||||
=======================================================================
|
||||
|
||||
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0
|
||||
International Public License
|
||||
|
||||
By exercising the Licensed Rights (defined below), You accept and agree
|
||||
to be bound by the terms and conditions of this Creative Commons
|
||||
Attribution-NonCommercial-NoDerivatives 4.0 International Public
|
||||
License ("Public License"). To the extent this Public License may be
|
||||
interpreted as a contract, You are granted the Licensed Rights in
|
||||
consideration of Your acceptance of these terms and conditions, and the
|
||||
Licensor grants You such rights in consideration of benefits the
|
||||
Licensor receives from making the Licensed Material available under
|
||||
these terms and conditions.
|
||||
|
||||
|
||||
Section 1 -- Definitions.
|
||||
|
||||
a. Adapted Material means material subject to Copyright and Similar
|
||||
Rights that is derived from or based upon the Licensed Material
|
||||
and in which the Licensed Material is translated, altered,
|
||||
arranged, transformed, or otherwise modified in a manner requiring
|
||||
permission under the Copyright and Similar Rights held by the
|
||||
Licensor. For purposes of this Public License, where the Licensed
|
||||
Material is a musical work, performance, or sound recording,
|
||||
Adapted Material is always produced where the Licensed Material is
|
||||
synched in timed relation with a moving image.
|
||||
|
||||
b. Copyright and Similar Rights means copyright and/or similar rights
|
||||
closely related to copyright including, without limitation,
|
||||
performance, broadcast, sound recording, and Sui Generis Database
|
||||
Rights, without regard to how the rights are labeled or
|
||||
categorized. For purposes of this Public License, the rights
|
||||
specified in Section 2(b)(1)-(2) are not Copyright and Similar
|
||||
Rights.
|
||||
|
||||
c. Effective Technological Measures means those measures that, in the
|
||||
absence of proper authority, may not be circumvented under laws
|
||||
fulfilling obligations under Article 11 of the WIPO Copyright
|
||||
Treaty adopted on December 20, 1996, and/or similar international
|
||||
agreements.
|
||||
|
||||
d. Exceptions and Limitations means fair use, fair dealing, and/or
|
||||
any other exception or limitation to Copyright and Similar Rights
|
||||
that applies to Your use of the Licensed Material.
|
||||
|
||||
e. Licensed Material means the artistic or literary work, database,
|
||||
or other material to which the Licensor applied this Public
|
||||
License.
|
||||
|
||||
f. Licensed Rights means the rights granted to You subject to the
|
||||
terms and conditions of this Public License, which are limited to
|
||||
all Copyright and Similar Rights that apply to Your use of the
|
||||
Licensed Material and that the Licensor has authority to license.
|
||||
|
||||
g. Licensor means the individual(s) or entity(ies) granting rights
|
||||
under this Public License.
|
||||
|
||||
h. NonCommercial means not primarily intended for or directed towards
|
||||
commercial advantage or monetary compensation. For purposes of
|
||||
this Public License, the exchange of the Licensed Material for
|
||||
other material subject to Copyright and Similar Rights by digital
|
||||
file-sharing or similar means is NonCommercial provided there is
|
||||
no payment of monetary compensation in connection with the
|
||||
exchange.
|
||||
|
||||
i. Share means to provide material to the public by any means or
|
||||
process that requires permission under the Licensed Rights, such
|
||||
as reproduction, public display, public performance, distribution,
|
||||
dissemination, communication, or importation, and to make material
|
||||
available to the public including in ways that members of the
|
||||
public may access the material from a place and at a time
|
||||
individually chosen by them.
|
||||
|
||||
j. Sui Generis Database Rights means rights other than copyright
|
||||
resulting from Directive 96/9/EC of the European Parliament and of
|
||||
the Council of 11 March 1996 on the legal protection of databases,
|
||||
as amended and/or succeeded, as well as other essentially
|
||||
equivalent rights anywhere in the world.
|
||||
|
||||
k. You means the individual or entity exercising the Licensed Rights
|
||||
under this Public License. Your has a corresponding meaning.
|
||||
|
||||
|
||||
Section 2 -- Scope.
|
||||
|
||||
a. License grant.
|
||||
|
||||
1. Subject to the terms and conditions of this Public License,
|
||||
the Licensor hereby grants You a worldwide, royalty-free,
|
||||
non-sublicensable, non-exclusive, irrevocable license to
|
||||
exercise the Licensed Rights in the Licensed Material to:
|
||||
|
||||
a. reproduce and Share the Licensed Material, in whole or
|
||||
in part, for NonCommercial purposes only; and
|
||||
|
||||
b. produce and reproduce, but not Share, Adapted Material
|
||||
for NonCommercial purposes only.
|
||||
|
||||
2. Exceptions and Limitations. For the avoidance of doubt, where
|
||||
Exceptions and Limitations apply to Your use, this Public
|
||||
License does not apply, and You do not need to comply with
|
||||
its terms and conditions.
|
||||
|
||||
3. Term. The term of this Public License is specified in Section
|
||||
6(a).
|
||||
|
||||
4. Media and formats; technical modifications allowed. The
|
||||
Licensor authorizes You to exercise the Licensed Rights in
|
||||
all media and formats whether now known or hereafter created,
|
||||
and to make technical modifications necessary to do so. The
|
||||
Licensor waives and/or agrees not to assert any right or
|
||||
authority to forbid You from making technical modifications
|
||||
necessary to exercise the Licensed Rights, including
|
||||
technical modifications necessary to circumvent Effective
|
||||
Technological Measures. For purposes of this Public License,
|
||||
simply making modifications authorized by this Section 2(a)
|
||||
(4) never produces Adapted Material.
|
||||
|
||||
5. Downstream recipients.
|
||||
|
||||
a. Offer from the Licensor -- Licensed Material. Every
|
||||
recipient of the Licensed Material automatically
|
||||
receives an offer from the Licensor to exercise the
|
||||
Licensed Rights under the terms and conditions of this
|
||||
Public License.
|
||||
|
||||
b. No downstream restrictions. You may not offer or impose
|
||||
any additional or different terms or conditions on, or
|
||||
apply any Effective Technological Measures to, the
|
||||
Licensed Material if doing so restricts exercise of the
|
||||
Licensed Rights by any recipient of the Licensed
|
||||
Material.
|
||||
|
||||
6. No endorsement. Nothing in this Public License constitutes or
|
||||
may be construed as permission to assert or imply that You
|
||||
are, or that Your use of the Licensed Material is, connected
|
||||
with, or sponsored, endorsed, or granted official status by,
|
||||
the Licensor or others designated to receive attribution as
|
||||
provided in Section 3(a)(1)(A)(i).
|
||||
|
||||
b. Other rights.
|
||||
|
||||
1. Moral rights, such as the right of integrity, are not
|
||||
licensed under this Public License, nor are publicity,
|
||||
privacy, and/or other similar personality rights; however, to
|
||||
the extent possible, the Licensor waives and/or agrees not to
|
||||
assert any such rights held by the Licensor to the limited
|
||||
extent necessary to allow You to exercise the Licensed
|
||||
Rights, but not otherwise.
|
||||
|
||||
2. Patent and trademark rights are not licensed under this
|
||||
Public License.
|
||||
|
||||
3. To the extent possible, the Licensor waives any right to
|
||||
collect royalties from You for the exercise of the Licensed
|
||||
Rights, whether directly or through a collecting society
|
||||
under any voluntary or waivable statutory or compulsory
|
||||
licensing scheme. In all other cases the Licensor expressly
|
||||
reserves any right to collect such royalties, including when
|
||||
the Licensed Material is used other than for NonCommercial
|
||||
purposes.
|
||||
|
||||
|
||||
Section 3 -- License Conditions.
|
||||
|
||||
Your exercise of the Licensed Rights is expressly made subject to the
|
||||
following conditions.
|
||||
|
||||
a. Attribution.
|
||||
|
||||
1. If You Share the Licensed Material, You must:
|
||||
|
||||
a. retain the following if it is supplied by the Licensor
|
||||
with the Licensed Material:
|
||||
|
||||
i. identification of the creator(s) of the Licensed
|
||||
Material and any others designated to receive
|
||||
attribution, in any reasonable manner requested by
|
||||
the Licensor (including by pseudonym if
|
||||
designated);
|
||||
|
||||
ii. a copyright notice;
|
||||
|
||||
iii. a notice that refers to this Public License;
|
||||
|
||||
iv. a notice that refers to the disclaimer of
|
||||
warranties;
|
||||
|
||||
v. a URI or hyperlink to the Licensed Material to the
|
||||
extent reasonably practicable;
|
||||
|
||||
b. indicate if You modified the Licensed Material and
|
||||
retain an indication of any previous modifications; and
|
||||
|
||||
c. indicate the Licensed Material is licensed under this
|
||||
Public License, and include the text of, or the URI or
|
||||
hyperlink to, this Public License.
|
||||
|
||||
For the avoidance of doubt, You do not have permission under
|
||||
this Public License to Share Adapted Material.
|
||||
|
||||
2. You may satisfy the conditions in Section 3(a)(1) in any
|
||||
reasonable manner based on the medium, means, and context in
|
||||
which You Share the Licensed Material. For example, it may be
|
||||
reasonable to satisfy the conditions by providing a URI or
|
||||
hyperlink to a resource that includes the required
|
||||
information.
|
||||
|
||||
3. If requested by the Licensor, You must remove any of the
|
||||
information required by Section 3(a)(1)(A) to the extent
|
||||
reasonably practicable.
|
||||
|
||||
|
||||
Section 4 -- Sui Generis Database Rights.
|
||||
|
||||
Where the Licensed Rights include Sui Generis Database Rights that
|
||||
apply to Your use of the Licensed Material:
|
||||
|
||||
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
|
||||
to extract, reuse, reproduce, and Share all or a substantial
|
||||
portion of the contents of the database for NonCommercial purposes
|
||||
only and provided You do not Share Adapted Material;
|
||||
|
||||
b. if You include all or a substantial portion of the database
|
||||
contents in a database in which You have Sui Generis Database
|
||||
Rights, then the database in which You have Sui Generis Database
|
||||
Rights (but not its individual contents) is Adapted Material; and
|
||||
|
||||
c. You must comply with the conditions in Section 3(a) if You Share
|
||||
all or a substantial portion of the contents of the database.
|
||||
|
||||
For the avoidance of doubt, this Section 4 supplements and does not
|
||||
replace Your obligations under this Public License where the Licensed
|
||||
Rights include other Copyright and Similar Rights.
|
||||
|
||||
|
||||
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
|
||||
|
||||
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
|
||||
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
|
||||
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
|
||||
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
|
||||
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
|
||||
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
|
||||
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
|
||||
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
|
||||
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
|
||||
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
|
||||
|
||||
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
|
||||
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
|
||||
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
|
||||
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
|
||||
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
|
||||
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
|
||||
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
|
||||
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
|
||||
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
|
||||
|
||||
c. The disclaimer of warranties and limitation of liability provided
|
||||
above shall be interpreted in a manner that, to the extent
|
||||
possible, most closely approximates an absolute disclaimer and
|
||||
waiver of all liability.
|
||||
|
||||
|
||||
Section 6 -- Term and Termination.
|
||||
|
||||
a. This Public License applies for the term of the Copyright and
|
||||
Similar Rights licensed here. However, if You fail to comply with
|
||||
this Public License, then Your rights under this Public License
|
||||
terminate automatically.
|
||||
|
||||
b. Where Your right to use the Licensed Material has terminated under
|
||||
Section 6(a), it reinstates:
|
||||
|
||||
1. automatically as of the date the violation is cured, provided
|
||||
it is cured within 30 days of Your discovery of the
|
||||
violation; or
|
||||
|
||||
2. upon express reinstatement by the Licensor.
|
||||
|
||||
For the avoidance of doubt, this Section 6(b) does not affect any
|
||||
right the Licensor may have to seek remedies for Your violations
|
||||
of this Public License.
|
||||
|
||||
c. For the avoidance of doubt, the Licensor may also offer the
|
||||
Licensed Material under separate terms or conditions or stop
|
||||
distributing the Licensed Material at any time; however, doing so
|
||||
will not terminate this Public License.
|
||||
|
||||
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
|
||||
License.
|
||||
|
||||
|
||||
Section 7 -- Other Terms and Conditions.
|
||||
|
||||
a. The Licensor shall not be bound by any additional or different
|
||||
terms or conditions communicated by You unless expressly agreed.
|
||||
|
||||
b. Any arrangements, understandings, or agreements regarding the
|
||||
Licensed Material not stated herein are separate from and
|
||||
independent of the terms and conditions of this Public License.
|
||||
|
||||
|
||||
Section 8 -- Interpretation.
|
||||
|
||||
a. For the avoidance of doubt, this Public License does not, and
|
||||
shall not be interpreted to, reduce, limit, restrict, or impose
|
||||
conditions on any use of the Licensed Material that could lawfully
|
||||
be made without permission under this Public License.
|
||||
|
||||
b. To the extent possible, if any provision of this Public License is
|
||||
deemed unenforceable, it shall be automatically reformed to the
|
||||
minimum extent necessary to make it enforceable. If the provision
|
||||
cannot be reformed, it shall be severed from this Public License
|
||||
without affecting the enforceability of the remaining terms and
|
||||
conditions.
|
||||
|
||||
c. No term or condition of this Public License will be waived and no
|
||||
failure to comply consented to unless expressly agreed to by the
|
||||
Licensor.
|
||||
|
||||
d. Nothing in this Public License constitutes or may be interpreted
|
||||
as a limitation upon, or waiver of, any privileges and immunities
|
||||
that apply to the Licensor or You, including from the legal
|
||||
processes of any jurisdiction or authority.
|
||||
|
||||
=======================================================================
|
||||
|
||||
Creative Commons is not a party to its public
|
||||
licenses. Notwithstanding, Creative Commons may elect to apply one of
|
||||
its public licenses to material it publishes and in those instances
|
||||
will be considered the “Licensor.” The text of the Creative Commons
|
||||
public licenses is dedicated to the public domain under the CC0 Public
|
||||
Domain Dedication. Except for the limited purpose of indicating that
|
||||
material is shared under a Creative Commons public license or as
|
||||
otherwise permitted by the Creative Commons policies published at
|
||||
creativecommons.org/policies, Creative Commons does not authorize the
|
||||
use of the trademark "Creative Commons" or any other trademark or logo
|
||||
of Creative Commons without its prior written consent including,
|
||||
without limitation, in connection with any unauthorized modifications
|
||||
to any of its public licenses or any other arrangements,
|
||||
understandings, or agreements concerning use of licensed material. For
|
||||
the avoidance of doubt, this paragraph does not form part of the
|
||||
public licenses.
|
||||
|
||||
Creative Commons may be contacted at creativecommons.org.
|
||||
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
- name: 'all'
|
||||
hosts: 'all'
|
||||
gather_facts: false
|
||||
serial: 1
|
||||
tasks:
|
||||
- name: 'Remove known_host file entries'
|
||||
delegate_to: 'localhost'
|
||||
ansible.builtin.shell:
|
||||
ssh-keygen -f ~/.ssh/known_hosts -R {{ inventory_hostname }}
|
||||
- name: 'Add known_hosts file entries'
|
||||
delegate_to: 'localhost'
|
||||
ansible.builtin.shell:
|
||||
ssh-keyscan {{ inventory_hostname }} >> ~/.ssh/known_hosts
|
||||
...
|
||||
@@ -1,97 +0,0 @@
|
||||
# ---> Ansible
|
||||
*.retry
|
||||
|
||||
# ---> Windows
|
||||
# Windows thumbnail cache files
|
||||
Thumbs.db
|
||||
ehthumbs.db
|
||||
ehthumbs_vista.db
|
||||
|
||||
# Dump file
|
||||
*.stackdump
|
||||
|
||||
# Folder config file
|
||||
[Dd]esktop.ini
|
||||
|
||||
# Recycle Bin used on file shares
|
||||
$RECYCLE.BIN/
|
||||
|
||||
# Windows Installer files
|
||||
*.cab
|
||||
*.msi
|
||||
*.msix
|
||||
*.msm
|
||||
*.msp
|
||||
|
||||
# Windows shortcuts
|
||||
*.lnk
|
||||
|
||||
# ---> macOS
|
||||
# General
|
||||
.DS_Store
|
||||
.AppleDouble
|
||||
.LSOverride
|
||||
|
||||
# Icon must end with two \r
|
||||
Icon
|
||||
|
||||
|
||||
# Thumbnails
|
||||
._*
|
||||
|
||||
# Files that might appear in the root of a volume
|
||||
.DocumentRevisions-V100
|
||||
.fseventsd
|
||||
.Spotlight-V100
|
||||
.TemporaryItems
|
||||
.Trashes
|
||||
.VolumeIcon.icns
|
||||
.com.apple.timemachine.donotpresent
|
||||
|
||||
# Directories potentially created on remote AFP share
|
||||
.AppleDB
|
||||
.AppleDesktop
|
||||
Network Trash Folder
|
||||
Temporary Items
|
||||
.apdisk
|
||||
|
||||
# ---> Linux
|
||||
*~
|
||||
|
||||
# temporary files which can be created if a process still has a handle open of a deleted file
|
||||
.fuse_hidden*
|
||||
|
||||
# KDE directory preferences
|
||||
.directory
|
||||
|
||||
# Linux trash folder which might appear on any partition or disk
|
||||
.Trash-*
|
||||
|
||||
# .nfs files are created when an open file is removed but is still being accessed
|
||||
.nfs*
|
||||
|
||||
# ---> Vim
|
||||
# Swap
|
||||
[._]*.s[a-v][a-z]
|
||||
[._]*.sw[a-p]
|
||||
[._]s[a-rt-v][a-z]
|
||||
[._]ss[a-gi-z]
|
||||
[._]sw[a-p]
|
||||
|
||||
# Session
|
||||
Session.vim
|
||||
|
||||
# Temporary
|
||||
.netrwhist
|
||||
*~
|
||||
# Auto-generated tag files
|
||||
tags
|
||||
# Persistent undo
|
||||
[._]*.un~
|
||||
|
||||
# ---> VisualStudioCode
|
||||
.vscode/*
|
||||
!.vscode/settings.json
|
||||
!.vscode/tasks.json
|
||||
!.vscode/launch.json
|
||||
!.vscode/extensions.json
|
||||
@@ -1,163 +0,0 @@
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||
document, but changing it is not allowed.
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates the terms
|
||||
and conditions of version 3 of the GNU General Public License, supplemented
|
||||
by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser General
|
||||
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
|
||||
License.
|
||||
|
||||
|
||||
|
||||
"The Library" refers to a covered work governed by this License, other than
|
||||
an Application or a Combined Work as defined below.
|
||||
|
||||
|
||||
|
||||
An "Application" is any work that makes use of an interface provided by the
|
||||
Library, but which is not otherwise based on the Library. Defining a subclass
|
||||
of a class defined by the Library is deemed a mode of using an interface provided
|
||||
by the Library.
|
||||
|
||||
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an Application
|
||||
with the Library. The particular version of the Library with which the Combined
|
||||
Work was made is also called the "Linked Version".
|
||||
|
||||
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
|
||||
Source for the Combined Work, excluding any source code for portions of the
|
||||
Combined Work that, considered in isolation, are based on the Application,
|
||||
and not on the Linked Version.
|
||||
|
||||
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the object
|
||||
code and/or source code for the Application, including any data and utility
|
||||
programs needed for reproducing the Combined Work from the Application, but
|
||||
excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License without
|
||||
being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a facility
|
||||
refers to a function or data to be supplied by an Application that uses the
|
||||
facility (other than as an argument passed when the facility is invoked),
|
||||
then you may convey a copy of the modified version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to ensure
|
||||
that, in the event an Application does not supply the function or data, the
|
||||
facility still operates, and performs whatever part of its purpose remains
|
||||
meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of this License
|
||||
applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from a header
|
||||
file that is part of the Library. You may convey such object code under terms
|
||||
of your choice, provided that, if the incorporated material is not limited
|
||||
to numerical parameters, data structure layouts and accessors, or small macros,
|
||||
inline functions and templates (ten or fewer lines in length), you do both
|
||||
of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the Library
|
||||
is used in it and that the Library and its use are covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that, taken together,
|
||||
effectively do not restrict modification of the portions of the Library contained
|
||||
in the Combined Work and reverse engineering for debugging such modifications,
|
||||
if you also do each of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that the Library
|
||||
is used in it and that the Library and its use are covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during execution, include
|
||||
the copyright notice for the Library among these notices, as well as a reference
|
||||
directing the user to the copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this License,
|
||||
and the Corresponding Application Code in a form suitable for, and under terms
|
||||
that permit, the user to recombine or relink the Application with a modified
|
||||
version of the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the Library. A
|
||||
suitable mechanism is one that (a) uses at run time a copy of the Library
|
||||
already present on the user's computer system, and (b) will operate properly
|
||||
with a modified version of the Library that is interface-compatible with the
|
||||
Linked Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise be required
|
||||
to provide such information under section 6 of the GNU GPL, and only to the
|
||||
extent that such information is necessary to install and execute a modified
|
||||
version of the Combined Work produced by recombining or relinking the Application
|
||||
with a modified version of the Linked Version. (If you use option 4d0, the
|
||||
Installation Information must accompany the Minimal Corresponding Source and
|
||||
Corresponding Application Code. If you use option 4d1, you must provide the
|
||||
Installation Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the Library side
|
||||
by side in a single library together with other library facilities that are
|
||||
not Applications and are not covered by this License, and convey such a combined
|
||||
library under terms of your choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based on the
|
||||
Library, uncombined with any other library facilities, conveyed under the
|
||||
terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it is a work
|
||||
based on the Library, and explaining where to find the accompanying uncombined
|
||||
form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of the
|
||||
GNU Lesser General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to address
|
||||
new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Library as you
|
||||
received it specifies that a certain numbered version of the GNU Lesser General
|
||||
Public License "or any later version" applies to it, you have the option of
|
||||
following the terms and conditions either of that published version or of
|
||||
any later version published by the Free Software Foundation. If the Library
|
||||
as you received it does not specify a version number of the GNU Lesser General
|
||||
Public License, you may choose any version of the GNU Lesser General Public
|
||||
License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide whether
|
||||
future versions of the GNU Lesser General Public License shall apply, that
|
||||
proxy's public statement of acceptance of any version is permanent authorization
|
||||
for you to choose that version for the Library.
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,73 @@
|
||||
Role Name
|
||||
=========
|
||||
|
||||
A brief description of the role goes here.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
|
||||
|
||||
Feature List
|
||||
------------
|
||||
|
||||
* Apache deployed
|
||||
* Enables HTTP/2
|
||||
* Enables and convets connections to HTTPS by default
|
||||
* ACME based TLS Certificate request and renewal
|
||||
* ACME uses Lets Encrypt by default, alternative ACME Providers may be specified
|
||||
* Optionally act as a proxy to another URL
|
||||
* Optionally redirect traffic to another URL
|
||||
* Optionally populate DocumentRoot with git clone
|
||||
* Multiple DocumentRoots supported, with aliases
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
* Lets Encrypt configuration
|
||||
* lets_encrypt_admin : The Email address your Lets Encrypt account is with
|
||||
* lets_encrypt_url : The ACME URL to speak with, defaults to Lets Encrypt, may set to 'https://acme-staging-v02.api.letsencrypt.org/directory' for Staging
|
||||
|
||||
* Web Host variable of type list
|
||||
* http_vhost
|
||||
* required dictionary elements
|
||||
* fqdn : The FQDN of the website
|
||||
* optional dictionary elements
|
||||
* aliases : list of alternative FQDN for the website
|
||||
* proxy : URL to direct traffic for the FQDN to, e.g. http://localhost:8080
|
||||
* redirect : Where should we send traffic?
|
||||
* repo : git URL of website repo to clone/update
|
||||
|
||||
~~~
|
||||
lets_encrypt_admin: 'acme@example.com'
|
||||
lets_encrypt_url: 'https://ipa.example.com'
|
||||
http_vhost:
|
||||
- fqdn: 'www.example.com'
|
||||
aliases:
|
||||
- 'exmaple.com'
|
||||
proxy: 'http://localhost:8080'
|
||||
~~~
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: username.rolename, x: 42 }
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
# defaults file for ensure_apache
|
||||
lets_encrypt_admin: 'root@example.com'
|
||||
lets_encrypt_url: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
# handlers file for ensure_apache
|
||||
- name: 'ensure_apache.package_facts'
|
||||
ansible.builtin.package_facts:
|
||||
- name: 'ensure_apache.service_facts'
|
||||
ansible.builtin.service_facts:
|
||||
- name: 'ensure_apache.service_reload'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["service_mgr"] == 'systemd'
|
||||
- ensure_apache is defined
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: 'yes'
|
||||
- name: 'ensure_apache.service_restart'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.service_list is defined
|
||||
- ensure_apache.service_list is iterable
|
||||
- item.state == 'started'
|
||||
ansible.builtin.service:
|
||||
enabled: '{{ item.enabled }}'
|
||||
name: '{{ item.name }}'
|
||||
state: 'restarted'
|
||||
loop: '{{ ensure_apache.service_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be restarted'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: Jason Rothstein
|
||||
description: Ensure Apache is installed, running, and functional
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: LGPL-3.0-or-later
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,225 @@
|
||||
---
|
||||
# tasks file for ensure_apache
|
||||
- name: 'include variables'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
include_vars:
|
||||
file: '{{ lookup("first_found", findme ) }}'
|
||||
name: 'ensure_apache'
|
||||
vars:
|
||||
findme:
|
||||
files:
|
||||
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
|
||||
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
|
||||
- '{{ ansible_facts["distribution"] }}-default.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
|
||||
- '{{ ansible_facts["os_family"] }}-default.yml'
|
||||
- 'default.yml'
|
||||
paths:
|
||||
- '../vars/'
|
||||
errors: 'ignore'
|
||||
- name: 'package discovery'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["packages"] is not defined
|
||||
ansible.builtin.package_facts:
|
||||
- name: 'service discovery'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts["services"] is not defined
|
||||
ansible.builtin.service_facts:
|
||||
- name: 'ensure sysctl'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.sysctl_list is defined
|
||||
- ensure_apache.sysctl_list is iterable
|
||||
ansible.posix.sysctl:
|
||||
name: '{{ item.name }}'
|
||||
reload: '{{ item.reload | default(omit) }}'
|
||||
state: '{{ item.state }}'
|
||||
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
|
||||
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
|
||||
value: '{{ item.value | default(omit) }}'
|
||||
loop: '{{ ensure_apache.sysctl_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.value }}'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure packages'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.package_list is defined
|
||||
- ensure_apache.package_list is iterable
|
||||
ansible.builtin.package:
|
||||
name: '{{ item.name }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_apache.package_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure seboolean'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.seboolean_list is defined
|
||||
- ensure_apache.seboolean_list is iterable
|
||||
ansible.posix.seboolean:
|
||||
name: '{{ item.name }}'
|
||||
persistent: '{{ item.persistent }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_apache.seboolean_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure configurations'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- http_vhost is defined
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.template_list is defined
|
||||
- ensure_apache.template_list is iterable
|
||||
ansible.builtin.template:
|
||||
backup: 'no'
|
||||
dest: '{{ item.dest }}'
|
||||
group: '{{ item.group | default(omit) }}'
|
||||
mode: '{{ item.mode | default(omit) }}'
|
||||
owner: '{{ item.owner | default(omit) }}'
|
||||
selevel: '{{ iteml.selevel | default(omit) }}'
|
||||
serole: '{{ item.serole | default(omit) }}'
|
||||
setype: '{{ item.setype | default(omit) }}'
|
||||
seuser: '{{ item.seuser | default(omit) }}'
|
||||
src: '{{ item.src }}'
|
||||
loop: '{{ ensure_apache.template_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.dest }} will be ensured'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure firewall'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ansible_facts.packages["firewalld"] is defined
|
||||
- ansible_facts.packages["python3-firewall"] is defined
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.firewall_list is defined
|
||||
- ensure_apache.firewall_list is iterable
|
||||
ansible.posix.firewalld:
|
||||
permanent: '{{ item.permanent }}'
|
||||
service: '{{ item.service }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_apache.firewall_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.service }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure permissions'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- http_vhost is defined
|
||||
- http_vhost is iterable
|
||||
- ensure_apache.permission_list is defined
|
||||
- ensure_apache.permission_list is iterable
|
||||
ansible.builtin.file:
|
||||
attributes: '{{ item.attributes | default(omit) }}'
|
||||
follow: '{{ item.follow | default(omit) }}'
|
||||
force: '{{ item.force | default(omit) }}'
|
||||
group: '{{ item.group | default(omit) }}'
|
||||
owner: '{{ item.owner | default(omit) }}'
|
||||
mode: '{{ item.mode | default(omit) }}'
|
||||
path: '{{ item.path }}'
|
||||
reuse: '{{ item.reuse | default(omit) }}'
|
||||
selevel: '{{ item.selevel | default(omit) }}'
|
||||
serole: '{{ item.serole | default(omit) }}'
|
||||
setype: '{{ item.setype | default(omit) }}'
|
||||
seuser: '{{ item.seuser | default(omit) }}'
|
||||
src: '{{ item.src | default(omit) }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_apache.permission_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.path }} will be ensured'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure vhost document roots'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- http_vhost is defined
|
||||
- http_vhost is iterable
|
||||
- item.fqdn is defined
|
||||
ansible.builtin.file:
|
||||
path: '/srv/http/{{ item.fqdn }}'
|
||||
state: 'directory'
|
||||
setype: 'httpd_sys_content_t'
|
||||
loop: '{{ http_vhost }}'
|
||||
loop_control:
|
||||
label: '/srv/http/{{ item.fqdn }} will be ensured'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure website content from git repos'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- http_vhost is defined
|
||||
- http_vhost is iterable
|
||||
- item.fqdn is defined
|
||||
- item.repo is defined
|
||||
ansible.builtin.git:
|
||||
accept_hostkey: 'yes'
|
||||
dest: '/srv/http/{{ item.fqdn }}'
|
||||
repo: '{{ item.repo }}'
|
||||
loop: '{{ http_vhost }}'
|
||||
loop_control:
|
||||
label: '/srv/http/{{ item.fqdn }} will be populated...'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'ensure services'
|
||||
when:
|
||||
- ansible_facts["system"] == 'Linux'
|
||||
- ensure_apache is defined
|
||||
- ensure_apache.service_list is defined
|
||||
- ensure_apache.service_list is iterable
|
||||
ansible.builtin.service:
|
||||
enabled: '{{ item.enabled }}'
|
||||
name: '{{ item.name }}'
|
||||
state: '{{ item.state }}'
|
||||
loop: '{{ ensure_apache.service_list }}'
|
||||
loop_control:
|
||||
label: '{{ item.name }} will be {{ item.state }}'
|
||||
notify:
|
||||
- 'ensure_apache.package_facts'
|
||||
- 'ensure_apache.service_facts'
|
||||
- 'ensure_apache.service_reload'
|
||||
- 'ensure_apache.service_restart'
|
||||
- name: 'flush handlers'
|
||||
meta: 'flush_handlers'
|
||||
...
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
|
||||
This directory holds configuration files for the Apache HTTP Server;
|
||||
any files in this directory which have the ".conf" extension will be
|
||||
processed as httpd configuration files. The directory is used in
|
||||
addition to the directory /etc/httpd/conf.modules.d/, which contains
|
||||
configuration files necessary to load modules.
|
||||
|
||||
Files are processed in sorted order. See httpd.conf(5) for more
|
||||
information.
|
||||
@@ -0,0 +1,93 @@
|
||||
#
|
||||
# Directives controlling the display of server-generated directory listings.
|
||||
#
|
||||
# Required modules: mod_authz_core, mod_authz_host,
|
||||
# mod_autoindex, mod_alias
|
||||
#
|
||||
# To see the listing of a directory, the Options directive for the
|
||||
# directory must include "Indexes", and the directory must not contain
|
||||
# a file matching those listed in the DirectoryIndex directive.
|
||||
#
|
||||
|
||||
#
|
||||
# IndexOptions: Controls the appearance of server-generated directory
|
||||
# listings.
|
||||
#
|
||||
IndexOptions FancyIndexing HTMLTable VersionSort
|
||||
|
||||
# We include the /icons/ alias for FancyIndexed directory listings. If
|
||||
# you do not use FancyIndexing, you may comment this out.
|
||||
#
|
||||
Alias /icons/ "/usr/share/httpd/icons/"
|
||||
|
||||
<Directory "/usr/share/httpd/icons">
|
||||
Options Indexes MultiViews FollowSymlinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# AddIcon* directives tell the server which icon to show for different
|
||||
# files or filename extensions. These are only displayed for
|
||||
# FancyIndexed directories.
|
||||
#
|
||||
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
|
||||
|
||||
AddIconByType (TXT,/icons/text.gif) text/*
|
||||
AddIconByType (IMG,/icons/image2.gif) image/*
|
||||
AddIconByType (SND,/icons/sound2.gif) audio/*
|
||||
AddIconByType (VID,/icons/movie.gif) video/*
|
||||
AddIconByType /icons/bomb.gif application/x-coredump
|
||||
|
||||
AddIcon /icons/binary.gif .bin .exe
|
||||
AddIcon /icons/binhex.gif .hqx
|
||||
AddIcon /icons/tar.gif .tar
|
||||
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
|
||||
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
|
||||
AddIcon /icons/a.gif .ps .ai .eps
|
||||
AddIcon /icons/layout.gif .html .shtml .htm .pdf
|
||||
AddIcon /icons/text.gif .txt
|
||||
AddIcon /icons/c.gif .c
|
||||
AddIcon /icons/p.gif .pl .py
|
||||
AddIcon /icons/f.gif .for
|
||||
AddIcon /icons/dvi.gif .dvi
|
||||
AddIcon /icons/uuencoded.gif .uu
|
||||
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
|
||||
AddIcon /icons/tex.gif .tex
|
||||
|
||||
AddIcon /icons/back.gif ..
|
||||
AddIcon /icons/hand.right.gif README
|
||||
AddIcon /icons/folder.gif ^^DIRECTORY^^
|
||||
AddIcon /icons/blank.gif ^^BLANKICON^^
|
||||
|
||||
#
|
||||
# DefaultIcon is which icon to show for files which do not have an icon
|
||||
# explicitly set.
|
||||
#
|
||||
DefaultIcon /icons/unknown.gif
|
||||
|
||||
#
|
||||
# AddDescription allows you to place a short description after a file in
|
||||
# server-generated indexes. These are only displayed for FancyIndexed
|
||||
# directories.
|
||||
# Format: AddDescription "description" filename
|
||||
#
|
||||
#AddDescription "GZIP compressed document" .gz
|
||||
#AddDescription "tar archive" .tar
|
||||
#AddDescription "GZIP compressed tar archive" .tgz
|
||||
|
||||
#
|
||||
# ReadmeName is the name of the README file the server will look for by
|
||||
# default, and append to directory listings.
|
||||
#
|
||||
# HeaderName is the name of a file which should be prepended to
|
||||
# directory indexes.
|
||||
ReadmeName README.html
|
||||
HeaderName HEADER.html
|
||||
|
||||
#
|
||||
# IndexIgnore is a set of filenames which directory indexing should ignore
|
||||
# and not include in the listing. Shell-style wildcarding is permitted.
|
||||
#
|
||||
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
#
|
||||
# The following lines prevent .user.ini files from being viewed by Web clients.
|
||||
#
|
||||
<Files ".user.ini">
|
||||
Require all denied
|
||||
</Files>
|
||||
|
||||
#
|
||||
# Allow php to handle Multiviews
|
||||
#
|
||||
AddType text/html .php
|
||||
|
||||
#
|
||||
# Add index.php to the list of files that will be served as directory
|
||||
# indexes.
|
||||
#
|
||||
DirectoryIndex index.php
|
||||
|
||||
#
|
||||
# Redirect to local php-fpm (no mod_php in default configuration)
|
||||
#
|
||||
<IfModule !mod_php.c>
|
||||
# Enable http authorization headers
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# mod_php is deprecated as FPM is now used by default with httpd in event mode
|
||||
# mod_php is only used when explicitly enabled or httpd switch to prefork mode
|
||||
#
|
||||
# mod_php options
|
||||
#
|
||||
<IfModule mod_php.c>
|
||||
#
|
||||
# Cause the PHP interpreter to handle files with a .php extension.
|
||||
#
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
#
|
||||
# Uncomment the following lines to allow PHP to pretty-print .phps
|
||||
# files as PHP source code:
|
||||
#
|
||||
#<FilesMatch \.phps$>
|
||||
# SetHandler application/x-httpd-php-source
|
||||
#</FilesMatch>
|
||||
|
||||
#
|
||||
# Apache specific PHP configuration options
|
||||
# those can be override in each configured vhost
|
||||
#
|
||||
php_value session.save_handler "files"
|
||||
php_value session.save_path "/var/lib/php/session"
|
||||
php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache"
|
||||
|
||||
#php_value opcache.file_cache "/var/lib/php/opcache"
|
||||
</IfModule>
|
||||
@@ -0,0 +1,219 @@
|
||||
#
|
||||
# When we also provide SSL we have to listen to the
|
||||
# standard HTTPS port in addition.
|
||||
#
|
||||
Listen 443 https
|
||||
|
||||
##
|
||||
## SSL Global Context
|
||||
##
|
||||
## All SSL configuration in this context applies both to
|
||||
## the main server and all SSL-enabled virtual hosts.
|
||||
##
|
||||
|
||||
# Pass Phrase Dialog:
|
||||
# Configure the pass phrase gathering process.
|
||||
# The filtering dialog program (`builtin' is a internal
|
||||
# terminal dialog) has to provide the pass phrase on stdout.
|
||||
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
|
||||
|
||||
# Inter-Process Session Cache:
|
||||
# Configure the SSL Session Cache: First the mechanism
|
||||
# to use and second the expiring timeout (in seconds).
|
||||
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
# Pseudo Random Number Generator (PRNG):
|
||||
# Configure one or more sources to seed the PRNG of the
|
||||
# SSL library. The seed data should be of good random quality.
|
||||
# WARNING! On some platforms /dev/random blocks if not enough entropy
|
||||
# is available. This means you then cannot use the /dev/random device
|
||||
# because it would lead to very long connection times (as long as
|
||||
# it requires to make more entropy available). But usually those
|
||||
# platforms additionally provide a /dev/urandom device which doesn't
|
||||
# block. So, if available, use this one instead. Read the mod_ssl User
|
||||
# Manual for more details.
|
||||
SSLRandomSeed startup file:/dev/urandom 256
|
||||
SSLRandomSeed connect builtin
|
||||
#SSLRandomSeed startup file:/dev/random 512
|
||||
#SSLRandomSeed connect file:/dev/random 512
|
||||
#SSLRandomSeed connect file:/dev/urandom 512
|
||||
|
||||
#
|
||||
# Use "SSLCryptoDevice" to enable any supported hardware
|
||||
# accelerators. Use "openssl engine -v" to list supported
|
||||
# engine names. NOTE: If you enable an accelerator and the
|
||||
# server does not start, consult the error logs and ensure
|
||||
# your accelerator is functioning properly.
|
||||
#
|
||||
SSLCryptoDevice builtin
|
||||
#SSLCryptoDevice ubsec
|
||||
|
||||
##
|
||||
## SSL Virtual Host Context
|
||||
##
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
|
||||
# General setup for the virtual host, inherited from global configuration
|
||||
#DocumentRoot "/var/www/html"
|
||||
#ServerName www.example.com:443
|
||||
|
||||
# Use separate log files for the SSL virtual host; note that LogLevel
|
||||
# is not inherited from httpd.conf.
|
||||
ErrorLog logs/ssl_error_log
|
||||
TransferLog logs/ssl_access_log
|
||||
LogLevel warn
|
||||
|
||||
# SSL Engine Switch:
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# List the protocol versions which clients are allowed to connect with.
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
#SSLProtocol all -SSLv3
|
||||
#SSLProxyProtocol all -SSLv3
|
||||
|
||||
# User agents such as web browsers are not configured for the user's
|
||||
# own preference of either security or performance, therefore this
|
||||
# must be the prerogative of the web server administrator who manages
|
||||
# cpu load versus confidentiality, so enforce the server's cipher order.
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
|
||||
# Point SSLCertificateFile at a PEM encoded certificate. If
|
||||
# the certificate is encrypted, then you will be prompted for a
|
||||
# pass phrase. Note that restarting httpd will prompt again. Keep
|
||||
# in mind that if you have both an RSA and a DSA certificate you
|
||||
# can configure both in parallel (to also allow the use of DSA
|
||||
# ciphers, etc.)
|
||||
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
|
||||
# require an ECC certificate which can also be configured in
|
||||
# parallel.
|
||||
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
||||
|
||||
# Server Private Key:
|
||||
# If the key is not combined with the certificate, use this
|
||||
# directive to point at the key file. Keep in mind that if
|
||||
# you've both a RSA and a DSA private key you can configure
|
||||
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
||||
# ECC keys, when in use, can also be configured in parallel
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
||||
|
||||
# Server Certificate Chain:
|
||||
# Point SSLCertificateChainFile at a file containing the
|
||||
# concatenation of PEM encoded CA certificates which form the
|
||||
# certificate chain for the server certificate. Alternatively
|
||||
# the referenced file can be the same as SSLCertificateFile
|
||||
# when the CA certificates are directly appended to the server
|
||||
# certificate for convenience.
|
||||
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
|
||||
|
||||
# Certificate Authority (CA):
|
||||
# Set the CA certificate verification path where to find CA
|
||||
# certificates for client authentication or alternatively one
|
||||
# huge file containing all of them (file must be PEM encoded)
|
||||
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
||||
|
||||
# Client Authentication (Type):
|
||||
# Client certificate verification type and depth. Types are
|
||||
# none, optional, require and optional_no_ca. Depth is a
|
||||
# number which specifies how deeply to verify the certificate
|
||||
# issuer chain before deciding the certificate is not valid.
|
||||
#SSLVerifyClient require
|
||||
#SSLVerifyDepth 10
|
||||
|
||||
# Access Control:
|
||||
# With SSLRequire you can do per-directory access control based
|
||||
# on arbitrary complex boolean expressions containing server
|
||||
# variable checks and other lookup directives. The syntax is a
|
||||
# mixture between C and Perl. See the mod_ssl documentation
|
||||
# for more details.
|
||||
#<Location />
|
||||
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
|
||||
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
|
||||
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
|
||||
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
|
||||
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
|
||||
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
|
||||
#</Location>
|
||||
|
||||
# SSL Engine Options:
|
||||
# Set various options for the SSL engine.
|
||||
# o FakeBasicAuth:
|
||||
# Translate the client X.509 into a Basic Authorisation. This means that
|
||||
# the standard Auth/DBMAuth methods can be used for access control. The
|
||||
# user name is the `one line' version of the client's X.509 certificate.
|
||||
# Note that no password is obtained from the user. Every entry in the user
|
||||
# file needs this password: `xxj31ZMTZzkVA'.
|
||||
# o ExportCertData:
|
||||
# This exports two additional environment variables: SSL_CLIENT_CERT and
|
||||
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
|
||||
# server (always existing) and the client (only existing when client
|
||||
# authentication is used). This can be used to import the certificates
|
||||
# into CGI scripts.
|
||||
# o StdEnvVars:
|
||||
# This exports the standard SSL/TLS related `SSL_*' environment variables.
|
||||
# Per default this exportation is switched off for performance reasons,
|
||||
# because the extraction step is an expensive operation and is usually
|
||||
# useless for serving static content. So one usually enables the
|
||||
# exportation for CGI and SSI requests only.
|
||||
# o StrictRequire:
|
||||
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
|
||||
# under a "Satisfy any" situation, i.e. when it applies access is denied
|
||||
# and no other module can change it.
|
||||
# o OptRenegotiate:
|
||||
# This enables optimized SSL connection renegotiation handling when SSL
|
||||
# directives are used in per-directory context.
|
||||
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory "/var/www/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
# SSL Protocol Adjustments:
|
||||
# The safe and default but still SSL/TLS standard compliant shutdown
|
||||
# approach is that mod_ssl sends the close notify alert but doesn't wait for
|
||||
# the close notify alert from client. When you need a different shutdown
|
||||
# approach you can use one of the following variables:
|
||||
# o ssl-unclean-shutdown:
|
||||
# This forces an unclean shutdown when the connection is closed, i.e. no
|
||||
# SSL close notify alert is sent or allowed to be received. This violates
|
||||
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
|
||||
# this when you receive I/O errors because of the standard approach where
|
||||
# mod_ssl sends the close notify alert.
|
||||
# o ssl-accurate-shutdown:
|
||||
# This forces an accurate shutdown when the connection is closed, i.e. a
|
||||
# SSL close notify alert is sent and mod_ssl waits for the close notify
|
||||
# alert of the client. This is 100% SSL/TLS standard compliant, but in
|
||||
# practice often causes hanging connections with brain-dead browsers. Use
|
||||
# this only for browsers where you know that their SSL implementation
|
||||
# works correctly.
|
||||
# Notice: Most problems of broken clients are also related to the HTTP
|
||||
# keep-alive facility, so you usually additionally want to disable
|
||||
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
|
||||
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
|
||||
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
|
||||
# "force-response-1.0" for this.
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
|
||||
# Per-Server Logging:
|
||||
# The home of a custom SSL log file. Use this when you want a
|
||||
# compact non-error SSL logfile on a virtual host basis.
|
||||
CustomLog logs/ssl_request_log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
#
|
||||
# UserDir: The name of the directory that is appended onto a user's home
|
||||
# directory if a ~user request is received.
|
||||
#
|
||||
# The path to the end user account 'public_html' directory must be
|
||||
# accessible to the webserver userid. This usually means that ~userid
|
||||
# must have permissions of 711, ~userid/public_html must have permissions
|
||||
# of 755, and documents contained therein must be world-readable.
|
||||
# Otherwise, the client will only receive a "403 Forbidden" message.
|
||||
#
|
||||
<IfModule mod_userdir.c>
|
||||
#
|
||||
# UserDir is disabled by default since it can confirm the presence
|
||||
# of a username on the system (depending on home directory
|
||||
# permissions).
|
||||
#
|
||||
UserDir disabled
|
||||
|
||||
#
|
||||
# To enable requests to /~user/ to serve the user's public_html
|
||||
# directory, remove the "UserDir disabled" line above, and uncomment
|
||||
# the following line instead:
|
||||
#
|
||||
#UserDir public_html
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# Control access to UserDir directories. The following is an example
|
||||
# for a site where these directories are restricted to read-only.
|
||||
#
|
||||
<Directory "/home/*/public_html">
|
||||
AllowOverride FileInfo AuthConfig Limit Indexes
|
||||
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
||||
Require method GET POST OPTIONS
|
||||
</Directory>
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
MDBaseServer on
|
||||
MDCertificateAgreement accepted
|
||||
MDCertificateAuthority {{ lets_encrypt_url }}
|
||||
MDContactEmail {{ lets_encrypt_admin }}
|
||||
MDPrivateKeys secp384r1 secp256r1 RSA 4096
|
||||
MDRequireHttps temporary
|
||||
MDStoreDir md
|
||||
|
||||
<Directory "/srv/http">
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
{% for item in http_vhost %}
|
||||
<Directory "/srv/http/{{ item.fqdn }}">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName {{ item.fqdn }}
|
||||
{% if item.aliases is defined %}
|
||||
{% for item_alias in item.aliases %}
|
||||
ServerAlias {{ item_alias }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
ServerAdmin webmaster@{{ item.fqdn }}
|
||||
DocumentRoot /srv/http/{{ item.fqdn }}
|
||||
{% if item.redirect is defined %}
|
||||
RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }}
|
||||
{% endif %}
|
||||
</VirtualHost>
|
||||
|
||||
MDomain {{ item.fqdn }}
|
||||
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLProtocol all -TLSv1.1
|
||||
SSLProxyProtocol all -TLSv1.1
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
ServerName {{ item.fqdn }}
|
||||
{% if item.aliases is defined %}
|
||||
{% for item_alias in item.aliases %}
|
||||
ServerAlias {{ item_alias }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
ServerAdmin webmaster@{{ item.fqdn }}
|
||||
DocumentRoot /srv/http/{{ item.fqdn }}
|
||||
Alias /error/ "/var/www/error/"
|
||||
{% if item.proxy is defined %}
|
||||
ProxyPass "/.well-known" "!"
|
||||
ProxyPass "/phpMyAdmin" "!"
|
||||
ProxyPass "/phpmyadmin" "!"
|
||||
ProxyPass "/" "{{ item.proxy }}"
|
||||
ProxyPassReverse "/" "{{ item.proxy }}"
|
||||
ProxyTimeout 300
|
||||
{% endif %}
|
||||
{% if item.rewrite is defined %}
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||
RewriteCond %{HTTP:Connection} upgrade [NC]
|
||||
RewriteRule ^/?(.*) ws://{{ item.proxy }}/$1 [P,L]
|
||||
{% endif %}
|
||||
{% if item.redirect is defined %}
|
||||
RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }}
|
||||
{% endif %}
|
||||
<Location /.env>
|
||||
Require all denied
|
||||
</Location>
|
||||
<Location /.git>
|
||||
Require all denied
|
||||
</Location>
|
||||
</VirtualHost>
|
||||
|
||||
{% endfor %}
|
||||
@@ -0,0 +1,20 @@
|
||||
#
|
||||
# This configuration file enables the default "Welcome" page if there
|
||||
# is no default index page present for the root URL. To disable the
|
||||
# Welcome page, comment out all the lines below.
|
||||
#
|
||||
# NOTE: if this file is removed, it will be restored on upgrades.
|
||||
#
|
||||
<LocationMatch "^/+$">
|
||||
Options -Indexes
|
||||
ErrorDocument 403 /.noindex.html
|
||||
</LocationMatch>
|
||||
|
||||
<Directory /usr/share/httpd/noindex>
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
Alias /.noindex.html /usr/share/httpd/noindex/index.html
|
||||
Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png
|
||||
Alias /system_noindex_logo.png /usr/share/httpd/icons/system_noindex_logo.png
|
||||
@@ -0,0 +1,69 @@
|
||||
#
|
||||
# This file loads most of the modules included with the Apache HTTP
|
||||
# Server itself.
|
||||
#
|
||||
|
||||
LoadModule access_compat_module modules/mod_access_compat.so
|
||||
LoadModule actions_module modules/mod_actions.so
|
||||
LoadModule alias_module modules/mod_alias.so
|
||||
LoadModule allowmethods_module modules/mod_allowmethods.so
|
||||
LoadModule auth_basic_module modules/mod_auth_basic.so
|
||||
LoadModule auth_digest_module modules/mod_auth_digest.so
|
||||
LoadModule authn_anon_module modules/mod_authn_anon.so
|
||||
LoadModule authn_core_module modules/mod_authn_core.so
|
||||
LoadModule authn_dbd_module modules/mod_authn_dbd.so
|
||||
LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
LoadModule authn_socache_module modules/mod_authn_socache.so
|
||||
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule authz_dbd_module modules/mod_authz_dbd.so
|
||||
LoadModule authz_dbm_module modules/mod_authz_dbm.so
|
||||
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
|
||||
LoadModule authz_host_module modules/mod_authz_host.so
|
||||
LoadModule authz_owner_module modules/mod_authz_owner.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
LoadModule autoindex_module modules/mod_autoindex.so
|
||||
LoadModule cache_module modules/mod_cache.so
|
||||
LoadModule cache_disk_module modules/mod_cache_disk.so
|
||||
LoadModule cache_socache_module modules/mod_cache_socache.so
|
||||
LoadModule data_module modules/mod_data.so
|
||||
LoadModule dbd_module modules/mod_dbd.so
|
||||
LoadModule deflate_module modules/mod_deflate.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule dumpio_module modules/mod_dumpio.so
|
||||
LoadModule echo_module modules/mod_echo.so
|
||||
LoadModule env_module modules/mod_env.so
|
||||
LoadModule expires_module modules/mod_expires.so
|
||||
LoadModule ext_filter_module modules/mod_ext_filter.so
|
||||
LoadModule filter_module modules/mod_filter.so
|
||||
LoadModule headers_module modules/mod_headers.so
|
||||
LoadModule include_module modules/mod_include.so
|
||||
LoadModule info_module modules/mod_info.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule logio_module modules/mod_logio.so
|
||||
LoadModule macro_module modules/mod_macro.so
|
||||
LoadModule mime_magic_module modules/mod_mime_magic.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule negotiation_module modules/mod_negotiation.so
|
||||
LoadModule remoteip_module modules/mod_remoteip.so
|
||||
LoadModule reqtimeout_module modules/mod_reqtimeout.so
|
||||
LoadModule request_module modules/mod_request.so
|
||||
LoadModule rewrite_module modules/mod_rewrite.so
|
||||
LoadModule setenvif_module modules/mod_setenvif.so
|
||||
LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
|
||||
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
|
||||
LoadModule socache_dbm_module modules/mod_socache_dbm.so
|
||||
LoadModule socache_memcache_module modules/mod_socache_memcache.so
|
||||
LoadModule socache_redis_module modules/mod_socache_redis.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule status_module modules/mod_status.so
|
||||
LoadModule substitute_module modules/mod_substitute.so
|
||||
LoadModule suexec_module modules/mod_suexec.so
|
||||
LoadModule unique_id_module modules/mod_unique_id.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule userdir_module modules/mod_userdir.so
|
||||
LoadModule version_module modules/mod_version.so
|
||||
LoadModule vhost_alias_module modules/mod_vhost_alias.so
|
||||
LoadModule watchdog_module modules/mod_watchdog.so
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule brotli_module modules/mod_brotli.so
|
||||
@@ -0,0 +1,3 @@
|
||||
LoadModule dav_module modules/mod_dav.so
|
||||
LoadModule dav_fs_module modules/mod_dav_fs.so
|
||||
LoadModule dav_lock_module modules/mod_dav_lock.so
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule lua_module modules/mod_lua.so
|
||||
@@ -0,0 +1,23 @@
|
||||
# Select the MPM module which should be used by uncommenting exactly
|
||||
# one of the following LoadModule lines. See the httpd.conf(5) man
|
||||
# page for more information on changing the MPM.
|
||||
|
||||
# prefork MPM: Implements a non-threaded, pre-forking web server
|
||||
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
|
||||
#
|
||||
# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
|
||||
# boolean should be enabled, to allow graceful stop/shutdown.
|
||||
#
|
||||
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
||||
|
||||
# worker MPM: Multi-Processing Module implementing a hybrid
|
||||
# multi-threaded multi-process web server
|
||||
# See: http://httpd.apache.org/docs/2.4/mod/worker.html
|
||||
#
|
||||
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
|
||||
|
||||
# event MPM: A variant of the worker MPM with the goal of consuming
|
||||
# threads only for connections with active processing
|
||||
# See: http://httpd.apache.org/docs/2.4/mod/event.html
|
||||
#
|
||||
LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
@@ -0,0 +1,18 @@
|
||||
#
|
||||
# This file lists modules included with the Apache HTTP Server
|
||||
# which are not enabled by default.
|
||||
#
|
||||
|
||||
#LoadModule asis_module modules/mod_asis.so
|
||||
#LoadModule buffer_module modules/mod_buffer.so
|
||||
#LoadModule heartbeat_module modules/mod_heartbeat.so
|
||||
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
|
||||
#LoadModule usertrack_module modules/mod_usertrack.so
|
||||
#LoadModule dialup_module modules/mod_dialup.so
|
||||
#LoadModule charset_lite_module modules/mod_charset_lite.so
|
||||
#LoadModule log_debug_module modules/mod_log_debug.so
|
||||
#LoadModule log_forensic_module modules/mod_log_forensic.so
|
||||
#LoadModule ratelimit_module modules/mod_ratelimit.so
|
||||
#LoadModule reflector_module modules/mod_reflector.so
|
||||
#LoadModule sed_module modules/mod_sed.so
|
||||
#LoadModule speling_module modules/mod_speling.so
|
||||
@@ -0,0 +1,18 @@
|
||||
# This file configures all the proxy modules:
|
||||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
|
||||
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
|
||||
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
|
||||
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
|
||||
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
|
||||
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
|
||||
LoadModule proxy_connect_module modules/mod_proxy_connect.so
|
||||
LoadModule proxy_express_module modules/mod_proxy_express.so
|
||||
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
|
||||
LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
|
||||
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
|
||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
|
||||
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
|
||||
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
@@ -0,0 +1,2 @@
|
||||
# This file configures systemd module:
|
||||
LoadModule systemd_module modules/mod_systemd.so
|
||||
@@ -0,0 +1,11 @@
|
||||
# This configuration file loads a CGI module appropriate to the MPM
|
||||
# which has been configured in 00-mpm.conf. mod_cgid should be used
|
||||
# with a threaded MPM; mod_cgi with the prefork MPM.
|
||||
|
||||
<IfModule !mpm_prefork_module>
|
||||
LoadModule cgid_module modules/mod_cgid.so
|
||||
</IfModule>
|
||||
<IfModule mpm_prefork_module>
|
||||
LoadModule cgi_module modules/mod_cgi.so
|
||||
</IfModule>
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule md_module modules/mod_md.so
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule http2_module modules/mod_http2.so
|
||||
@@ -0,0 +1 @@
|
||||
LoadModule proxy_http2_module modules/mod_proxy_http2.so
|
||||
@@ -0,0 +1,10 @@
|
||||
|
||||
This directory holds configuration files for the Apache HTTP Server;
|
||||
any files in this directory which have the ".conf" extension will be
|
||||
processed as httpd configuration files. This directory contains
|
||||
configuration fragments necessary only to load modules.
|
||||
Administrators should use the directory "/etc/httpd/conf.d" to modify
|
||||
the configuration of httpd, or any modules.
|
||||
|
||||
Files are processed in sorted order and should have a two digit
|
||||
numeric prefix. See httpd.conf(5) for more information.
|
||||
@@ -0,0 +1,374 @@
|
||||
#
|
||||
# This is the main Apache HTTP server configuration file. It contains the
|
||||
# configuration directives that give the server its instructions.
|
||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
|
||||
# In particular, see
|
||||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
|
||||
# for a discussion of each configuration directive.
|
||||
#
|
||||
# See the httpd.conf(5) man page for more information on this configuration,
|
||||
# and httpd.service(8) on using and configuring the httpd service.
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
#
|
||||
# Configuration and logfile names: If the filenames you specify for many
|
||||
# of the server's control files begin with "/" (or "drive:/" for Win32), the
|
||||
# server will use that explicit path. If the filenames do *not* begin
|
||||
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
|
||||
# with ServerRoot set to '/www' will be interpreted by the
|
||||
# server as '/www/log/access_log', where as '/log/access_log' will be
|
||||
# interpreted as '/log/access_log'.
|
||||
|
||||
#
|
||||
# ServerRoot: The top of the directory tree under which the server's
|
||||
# configuration, error, and log files are kept.
|
||||
#
|
||||
# Do not add a slash at the end of the directory path. If you point
|
||||
# ServerRoot at a non-local disk, be sure to specify a local disk on the
|
||||
# Mutex directive, if file-based mutexes are used. If you wish to share the
|
||||
# same ServerRoot for multiple httpd daemons, you will need to change at
|
||||
# least PidFile.
|
||||
#
|
||||
ServerRoot "/etc/httpd"
|
||||
|
||||
#
|
||||
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
||||
# ports, instead of the default. See also the <VirtualHost>
|
||||
# directive.
|
||||
#
|
||||
# Change this to Listen on a specific IP address, but note that if
|
||||
# httpd.service is enabled to run at boot time, the address may not be
|
||||
# available when the service starts. See the httpd.service(8) man
|
||||
# page for more information.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
#
|
||||
# To be able to use the functionality of a module which was built as a DSO you
|
||||
# have to place corresponding `LoadModule' lines at this location so the
|
||||
# directives contained in it are actually available _before_ they are used.
|
||||
# Statically compiled modules (those listed by `httpd -l') do not need
|
||||
# to be loaded here.
|
||||
#
|
||||
# Example:
|
||||
# LoadModule foo_module modules/mod_foo.so
|
||||
#
|
||||
Include conf.modules.d/*.conf
|
||||
|
||||
#
|
||||
# If you wish httpd to run as a different user or group, you must run
|
||||
# httpd as root initially and it will switch.
|
||||
#
|
||||
# User/Group: The name (or #number) of the user/group to run httpd as.
|
||||
# It is usually good practice to create a dedicated user and group for
|
||||
# running httpd, as with most system services.
|
||||
#
|
||||
User apache
|
||||
Group apache
|
||||
|
||||
# 'Main' server configuration
|
||||
#
|
||||
# The directives in this section set up the values used by the 'main'
|
||||
# server, which responds to any requests that aren't handled by a
|
||||
# <VirtualHost> definition. These values also provide defaults for
|
||||
# any <VirtualHost> containers you may define later in the file.
|
||||
#
|
||||
# All of these directives may appear inside <VirtualHost> containers,
|
||||
# in which case these default settings will be overridden for the
|
||||
# virtual host being defined.
|
||||
#
|
||||
|
||||
#
|
||||
# ServerAdmin: Your address, where problems with the server should be
|
||||
# e-mailed. This address appears on some server-generated pages, such
|
||||
# as error documents. e.g. admin@your-domain.com
|
||||
#
|
||||
ServerAdmin root@localhost
|
||||
|
||||
#
|
||||
# ServerName gives the name and port that the server uses to identify itself.
|
||||
# This can often be determined automatically, but we recommend you specify
|
||||
# it explicitly to prevent problems during startup.
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
# explicitly permit access to web content directories in other
|
||||
# <Directory> blocks below.
|
||||
#
|
||||
<Directory />
|
||||
AllowOverride none
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# Note that from this point forward you must specifically allow
|
||||
# particular features to be enabled - so if something's not working as
|
||||
# you might expect, make sure that you have specifically enabled it
|
||||
# below.
|
||||
#
|
||||
|
||||
#
|
||||
# DocumentRoot: The directory out of which you will serve your
|
||||
# documents. By default, all requests are taken from this directory, but
|
||||
# symbolic links and aliases may be used to point to other locations.
|
||||
#
|
||||
DocumentRoot "/var/www/html"
|
||||
|
||||
#
|
||||
# Relax access to content within /var/www.
|
||||
#
|
||||
<Directory "/var/www">
|
||||
AllowOverride None
|
||||
# Allow open access:
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
# Further relax access to the default document root:
|
||||
<Directory "/var/www/html">
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
#
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
#
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# AllowOverride FileInfo AuthConfig Limit
|
||||
#
|
||||
AllowOverride None
|
||||
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# DirectoryIndex: sets the file that Apache will serve if a directory
|
||||
# is requested.
|
||||
#
|
||||
<IfModule dir_module>
|
||||
DirectoryIndex index.html
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The following lines prevent .htaccess and .htpasswd files from being
|
||||
# viewed by Web clients.
|
||||
#
|
||||
<Files ".ht*">
|
||||
Require all denied
|
||||
</Files>
|
||||
|
||||
#
|
||||
# ErrorLog: The location of the error log file.
|
||||
# If you do not specify an ErrorLog directive within a <VirtualHost>
|
||||
# container, error messages relating to that virtual host will be
|
||||
# logged here. If you *do* define an error logfile for a <VirtualHost>
|
||||
# container, that host's errors will be logged there and not here.
|
||||
#
|
||||
ErrorLog "logs/error_log"
|
||||
|
||||
#
|
||||
# LogLevel: Control the number of messages logged to the error_log.
|
||||
# Possible values include: debug, info, notice, warn, error, crit,
|
||||
# alert, emerg.
|
||||
#
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
#
|
||||
# The following directives define some format nicknames for use with
|
||||
# a CustomLog directive (see below).
|
||||
#
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
|
||||
<IfModule logio_module>
|
||||
# You need to enable mod_logio.c to use %I and %O
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The location and format of the access logfile (Common Logfile Format).
|
||||
# If you do not define any access logfiles within a <VirtualHost>
|
||||
# container, they will be logged here. Contrariwise, if you *do*
|
||||
# define per-<VirtualHost> access logfiles, transactions will be
|
||||
# logged therein and *not* in this file.
|
||||
#
|
||||
#CustomLog "logs/access_log" common
|
||||
|
||||
#
|
||||
# If you prefer a logfile with access, agent, and referer information
|
||||
# (Combined Logfile Format) you can use the following directive.
|
||||
#
|
||||
CustomLog "logs/access_log" combined
|
||||
</IfModule>
|
||||
|
||||
<IfModule alias_module>
|
||||
#
|
||||
# Redirect: Allows you to tell clients about documents that used to
|
||||
# exist in your server's namespace, but do not anymore. The client
|
||||
# will make a new request for the document at its new location.
|
||||
# Example:
|
||||
# Redirect permanent /foo http://www.example.com/bar
|
||||
|
||||
#
|
||||
# Alias: Maps web paths into filesystem paths and is used to
|
||||
# access content that does not live under the DocumentRoot.
|
||||
# Example:
|
||||
# Alias /webpath /full/filesystem/path
|
||||
#
|
||||
# If you include a trailing / on /webpath then the server will
|
||||
# require it to be present in the URL. You will also likely
|
||||
# need to provide a <Directory> section to allow access to
|
||||
# the filesystem path.
|
||||
|
||||
#
|
||||
# ScriptAlias: This controls which directories contain server scripts.
|
||||
# ScriptAliases are essentially the same as Aliases, except that
|
||||
# documents in the target directory are treated as applications and
|
||||
# run by the server when requested rather than as documents sent to the
|
||||
# client. The same rules about trailing "/" apply to ScriptAlias
|
||||
# directives as to Alias.
|
||||
#
|
||||
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
|
||||
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
|
||||
# CGI directory exists, if you have that configured.
|
||||
#
|
||||
<Directory "/var/www/cgi-bin">
|
||||
AllowOverride None
|
||||
Options None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<IfModule headers_module>
|
||||
#
|
||||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
|
||||
# backend servers which have lingering "httpoxy" defects.
|
||||
# 'Proxy' request header is undefined by the IETF, not listed by IANA
|
||||
#
|
||||
RequestHeader unset Proxy early
|
||||
</IfModule>
|
||||
|
||||
<IfModule mime_module>
|
||||
#
|
||||
# TypesConfig points to the file containing the list of mappings from
|
||||
# filename extension to MIME-type.
|
||||
#
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
#
|
||||
# AddType allows you to add to or override the MIME configuration
|
||||
# file specified in TypesConfig for specific file types.
|
||||
#
|
||||
#AddType application/x-gzip .tgz
|
||||
#
|
||||
# AddEncoding allows you to have certain browsers uncompress
|
||||
# information on the fly. Note: Not all browsers support this.
|
||||
#
|
||||
#AddEncoding x-compress .Z
|
||||
#AddEncoding x-gzip .gz .tgz
|
||||
#
|
||||
# If the AddEncoding directives above are commented-out, then you
|
||||
# probably should define those extensions to indicate media types:
|
||||
#
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
|
||||
#
|
||||
# AddHandler allows you to map certain file extensions to "handlers":
|
||||
# actions unrelated to filetype. These can be either built into the server
|
||||
# or added with the Action directive (see below)
|
||||
#
|
||||
# To use CGI scripts outside of ScriptAliased directories:
|
||||
# (You will also need to add "ExecCGI" to the "Options" directive.)
|
||||
#
|
||||
#AddHandler cgi-script .cgi
|
||||
|
||||
# For type maps (negotiated resources):
|
||||
#AddHandler type-map var
|
||||
|
||||
#
|
||||
# Filters allow you to process content before it is sent to the client.
|
||||
#
|
||||
# To parse .shtml files for server-side includes (SSI):
|
||||
# (You will also need to add "Includes" to the "Options" directive.)
|
||||
#
|
||||
AddType text/html .shtml
|
||||
AddOutputFilter INCLUDES .shtml
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# Specify a default charset for all content served; this enables
|
||||
# interpretation of all content as UTF-8 by default. To use the
|
||||
# default browser choice (ISO-8859-1), or to allow the META tags
|
||||
# in HTML content to override this choice, comment out this
|
||||
# directive:
|
||||
#
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule mime_magic_module>
|
||||
#
|
||||
# The mod_mime_magic module allows the server to use various hints from the
|
||||
# contents of the file itself to determine its type. The MIMEMagicFile
|
||||
# directive tells the module where the hint definitions are located.
|
||||
#
|
||||
MIMEMagicFile conf/magic
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# Customizable error responses come in three flavors:
|
||||
# 1) plain text 2) local redirects 3) external redirects
|
||||
#
|
||||
# Some examples:
|
||||
#ErrorDocument 500 "The server made a boo boo."
|
||||
#ErrorDocument 404 /missing.html
|
||||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
|
||||
#ErrorDocument 402 http://www.example.com/subscription_info.html
|
||||
#
|
||||
|
||||
#
|
||||
# MaxRanges: Maximum number of Ranges in a request before
|
||||
# returning the entire resource, or one of the special
|
||||
# values 'default', 'none' or 'unlimited'.
|
||||
# Default setting is to accept 200 Ranges.
|
||||
#MaxRanges unlimited
|
||||
|
||||
#
|
||||
# EnableMMAP and EnableSendfile: On systems that support it,
|
||||
# memory-mapping or the sendfile syscall may be used to deliver
|
||||
# files. This usually improves server performance, but must
|
||||
# be turned off when serving from networked-mounted
|
||||
# filesystems or if support for these functions is otherwise
|
||||
# broken on your system.
|
||||
# Defaults if commented: EnableMMAP On, EnableSendfile Off
|
||||
#
|
||||
#EnableMMAP off
|
||||
EnableSendfile on
|
||||
|
||||
# Supplemental configuration
|
||||
#
|
||||
# Load config files in the "/etc/httpd/conf.d" directory, if any.
|
||||
IncludeOptional conf.d/*.conf
|
||||
@@ -0,0 +1,397 @@
|
||||
# Magic data for mod_mime_magic Apache module (originally for file(1) command)
|
||||
# The module is described in /manual/mod/mod_mime_magic.html
|
||||
#
|
||||
# The format is 4-5 columns:
|
||||
# Column #1: byte number to begin checking from, ">" indicates continuation
|
||||
# Column #2: type of data to match
|
||||
# Column #3: contents of data to match
|
||||
# Column #4: MIME type of result
|
||||
# Column #5: MIME encoding of result (optional)
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Localstuff: file(1) magic for locally observed files
|
||||
# Add any locally observed files here.
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# end local stuff
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Java
|
||||
|
||||
0 short 0xcafe
|
||||
>2 short 0xbabe application/java
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# audio: file(1) magic for sound formats
|
||||
#
|
||||
# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
|
||||
#
|
||||
|
||||
# Sun/NeXT audio data
|
||||
0 string .snd
|
||||
>12 belong 1 audio/basic
|
||||
>12 belong 2 audio/basic
|
||||
>12 belong 3 audio/basic
|
||||
>12 belong 4 audio/basic
|
||||
>12 belong 5 audio/basic
|
||||
>12 belong 6 audio/basic
|
||||
>12 belong 7 audio/basic
|
||||
|
||||
>12 belong 23 audio/x-adpcm
|
||||
|
||||
# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
|
||||
# that uses little-endian encoding and has a different magic number
|
||||
# (0x0064732E in little-endian encoding).
|
||||
0 lelong 0x0064732E
|
||||
>12 lelong 1 audio/x-dec-basic
|
||||
>12 lelong 2 audio/x-dec-basic
|
||||
>12 lelong 3 audio/x-dec-basic
|
||||
>12 lelong 4 audio/x-dec-basic
|
||||
>12 lelong 5 audio/x-dec-basic
|
||||
>12 lelong 6 audio/x-dec-basic
|
||||
>12 lelong 7 audio/x-dec-basic
|
||||
# compressed (G.721 ADPCM)
|
||||
>12 lelong 23 audio/x-dec-adpcm
|
||||
|
||||
# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
|
||||
# AIFF audio data
|
||||
8 string AIFF audio/x-aiff
|
||||
# AIFF-C audio data
|
||||
8 string AIFC audio/x-aiff
|
||||
# IFF/8SVX audio data
|
||||
8 string 8SVX audio/x-aiff
|
||||
|
||||
# Creative Labs AUDIO stuff
|
||||
# Standard MIDI data
|
||||
0 string MThd audio/unknown
|
||||
#>9 byte >0 (format %d)
|
||||
#>11 byte >1 using %d channels
|
||||
# Creative Music (CMF) data
|
||||
0 string CTMF audio/unknown
|
||||
# SoundBlaster instrument data
|
||||
0 string SBI audio/unknown
|
||||
# Creative Labs voice data
|
||||
0 string Creative\ Voice\ File audio/unknown
|
||||
## is this next line right? it came this way...
|
||||
#>19 byte 0x1A
|
||||
#>23 byte >0 - version %d
|
||||
#>22 byte >0 \b.%d
|
||||
|
||||
# [GRR 950115: is this also Creative Labs? Guessing that first line
|
||||
# should be string instead of unknown-endian long...]
|
||||
#0 long 0x4e54524b MultiTrack sound data
|
||||
#0 string NTRK MultiTrack sound data
|
||||
#>4 long x - version %ld
|
||||
|
||||
# Microsoft WAVE format (*.wav)
|
||||
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
|
||||
# Microsoft RIFF
|
||||
0 string RIFF
|
||||
# - WAVE format
|
||||
>8 string WAVE audio/x-wav
|
||||
# MPEG audio.
|
||||
0 beshort&0xfff0 0xfff0 audio/mpeg
|
||||
# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
|
||||
0 string PSID audio/prs.sid
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# c-lang: file(1) magic for C programs or various scripts
|
||||
#
|
||||
|
||||
# XPM icons (Greg Roelofs, newt@uchicago.edu)
|
||||
# ideally should go into "images", but entries below would tag XPM as C source
|
||||
0 string /*\ XPM image/x-xbm 7bit
|
||||
|
||||
# this first will upset you if you're a PL/1 shop... (are there any left?)
|
||||
# in which case rm it; ascmagic will catch real C programs
|
||||
# C or REXX program text
|
||||
0 string /* text/plain
|
||||
# C++ program text
|
||||
0 string // text/plain
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# compress: file(1) magic for pure-compression formats (no archives)
|
||||
#
|
||||
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
|
||||
#
|
||||
# Formats for various forms of compressed data
|
||||
# Formats for "compress" proper have been moved into "compress.c",
|
||||
# because it tries to uncompress it to figure out what's inside.
|
||||
|
||||
# standard unix compress
|
||||
0 string \037\235 application/octet-stream x-compress
|
||||
|
||||
# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
|
||||
0 string \037\213 application/octet-stream x-gzip
|
||||
|
||||
# According to gzip.h, this is the correct byte order for packed data.
|
||||
0 string \037\036 application/octet-stream
|
||||
#
|
||||
# This magic number is byte-order-independent.
|
||||
#
|
||||
0 short 017437 application/octet-stream
|
||||
|
||||
# XXX - why *two* entries for "compacted data", one of which is
|
||||
# byte-order independent, and one of which is byte-order dependent?
|
||||
#
|
||||
# compacted data
|
||||
0 short 0x1fff application/octet-stream
|
||||
0 string \377\037 application/octet-stream
|
||||
# huf output
|
||||
0 short 0145405 application/octet-stream
|
||||
|
||||
# Squeeze and Crunch...
|
||||
# These numbers were gleaned from the Unix versions of the programs to
|
||||
# handle these formats. Note that I can only uncrunch, not crunch, and
|
||||
# I didn't have a crunched file handy, so the crunch number is untested.
|
||||
# Keith Waclena <keith@cerberus.uchicago.edu>
|
||||
#0 leshort 0x76FF squeezed data (CP/M, DOS)
|
||||
#0 leshort 0x76FE crunched data (CP/M, DOS)
|
||||
|
||||
# Freeze
|
||||
#0 string \037\237 Frozen file 2.1
|
||||
#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
|
||||
|
||||
# lzh?
|
||||
#0 string \037\240 LZH compressed data
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# frame: file(1) magic for FrameMaker files
|
||||
#
|
||||
# This stuff came on a FrameMaker demo tape, most of which is
|
||||
# copyright, but this file is "published" as witness the following:
|
||||
#
|
||||
0 string \<MakerFile application/x-frame
|
||||
0 string \<MIFFile application/x-frame
|
||||
0 string \<MakerDictionary application/x-frame
|
||||
0 string \<MakerScreenFon application/x-frame
|
||||
0 string \<MML application/x-frame
|
||||
0 string \<Book application/x-frame
|
||||
0 string \<Maker application/x-frame
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# html: file(1) magic for HTML (HyperText Markup Language) docs
|
||||
#
|
||||
# from Daniel Quinlan <quinlan@yggdrasil.com>
|
||||
# and Anna Shergold <anna@inext.co.uk>
|
||||
#
|
||||
0 string \<!DOCTYPE\ HTML text/html
|
||||
0 string \<!doctype\ html text/html
|
||||
0 string \<HEAD text/html
|
||||
0 string \<head text/html
|
||||
0 string \<TITLE text/html
|
||||
0 string \<title text/html
|
||||
0 string \<html text/html
|
||||
0 string \<HTML text/html
|
||||
0 string \<!-- text/html
|
||||
0 string \<h1 text/html
|
||||
0 string \<H1 text/html
|
||||
|
||||
# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
|
||||
0 string \<?xml text/xml
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
|
||||
#
|
||||
# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
|
||||
# additions by janl@ifi.uio.no as well as others. Jan also suggested
|
||||
# merging several one- and two-line files into here.
|
||||
#
|
||||
# XXX - byte order for GIF and TIFF fields?
|
||||
# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
|
||||
#
|
||||
|
||||
# [GRR: what the hell is this doing in here?]
|
||||
#0 string xbtoa btoa'd file
|
||||
|
||||
# PBMPLUS
|
||||
# PBM file
|
||||
0 string P1 image/x-portable-bitmap 7bit
|
||||
# PGM file
|
||||
0 string P2 image/x-portable-greymap 7bit
|
||||
# PPM file
|
||||
0 string P3 image/x-portable-pixmap 7bit
|
||||
# PBM "rawbits" file
|
||||
0 string P4 image/x-portable-bitmap
|
||||
# PGM "rawbits" file
|
||||
0 string P5 image/x-portable-greymap
|
||||
# PPM "rawbits" file
|
||||
0 string P6 image/x-portable-pixmap
|
||||
|
||||
# NIFF (Navy Interchange File Format, a modification of TIFF)
|
||||
# [GRR: this *must* go before TIFF]
|
||||
0 string IIN1 image/x-niff
|
||||
|
||||
# TIFF and friends
|
||||
# TIFF file, big-endian
|
||||
0 string MM image/tiff
|
||||
# TIFF file, little-endian
|
||||
0 string II image/tiff
|
||||
|
||||
# possible GIF replacements; none yet released!
|
||||
# (Greg Roelofs, newt@uchicago.edu)
|
||||
#
|
||||
# GRR 950115: this was mine ("Zip GIF"):
|
||||
# ZIF image (GIF+deflate alpha)
|
||||
0 string GIF94z image/unknown
|
||||
#
|
||||
# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
|
||||
# FGF image (GIF+deflate beta)
|
||||
0 string FGF95a image/unknown
|
||||
#
|
||||
# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
|
||||
# (best; not yet implemented):
|
||||
# PBF image (deflate compression)
|
||||
0 string PBF image/unknown
|
||||
|
||||
# GIF
|
||||
0 string GIF image/gif
|
||||
|
||||
# JPEG images
|
||||
0 beshort 0xffd8 image/jpeg
|
||||
|
||||
# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
|
||||
0 string BM image/bmp
|
||||
#>14 byte 12 (OS/2 1.x format)
|
||||
#>14 byte 64 (OS/2 2.x format)
|
||||
#>14 byte 40 (Windows 3.x format)
|
||||
#0 string IC icon
|
||||
#0 string PI pointer
|
||||
#0 string CI color icon
|
||||
#0 string CP color pointer
|
||||
#0 string BA bitmap array
|
||||
|
||||
0 string \x89PNG image/png
|
||||
0 string FWS application/x-shockwave-flash
|
||||
0 string CWS application/x-shockwave-flash
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# lisp: file(1) magic for lisp programs
|
||||
#
|
||||
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
|
||||
0 string ;; text/plain 8bit
|
||||
# Emacs 18 - this is always correct, but not very magical.
|
||||
0 string \012( application/x-elc
|
||||
# Emacs 19
|
||||
0 string ;ELC\023\000\000\000 application/x-elc
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# mail.news: file(1) magic for mail and news
|
||||
#
|
||||
# There are tests to ascmagic.c to cope with mail and news.
|
||||
0 string Relay-Version: message/rfc822 7bit
|
||||
0 string #!\ rnews message/rfc822 7bit
|
||||
0 string N#!\ rnews message/rfc822 7bit
|
||||
0 string Forward\ to message/rfc822 7bit
|
||||
0 string Pipe\ to message/rfc822 7bit
|
||||
0 string Return-Path: message/rfc822 7bit
|
||||
0 string Path: message/news 8bit
|
||||
0 string Xref: message/news 8bit
|
||||
0 string From: message/rfc822 7bit
|
||||
0 string Article message/news 8bit
|
||||
#------------------------------------------------------------------------------
|
||||
# msword: file(1) magic for MS Word files
|
||||
#
|
||||
# Contributor claims:
|
||||
# Reversed-engineered MS Word magic numbers
|
||||
#
|
||||
|
||||
0 string \376\067\0\043 application/msword
|
||||
0 string \333\245-\0\0\0 application/msword
|
||||
|
||||
# disable this one because it applies also to other
|
||||
# Office/OLE documents for which msword is not correct. See PR#2608.
|
||||
#0 string \320\317\021\340\241\261 application/msword
|
||||
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# printer: file(1) magic for printer-formatted files
|
||||
#
|
||||
|
||||
# PostScript
|
||||
0 string %! application/postscript
|
||||
0 string \004%! application/postscript
|
||||
|
||||
# Acrobat
|
||||
# (due to clamen@cs.cmu.edu)
|
||||
0 string %PDF- application/pdf
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# sc: file(1) magic for "sc" spreadsheet
|
||||
#
|
||||
38 string Spreadsheet application/x-sc
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# tex: file(1) magic for TeX files
|
||||
#
|
||||
# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
|
||||
#
|
||||
# From <conklin@talisman.kaleida.com>
|
||||
|
||||
# Although we may know the offset of certain text fields in TeX DVI
|
||||
# and font files, we can't use them reliably because they are not
|
||||
# zero terminated. [but we do anyway, christos]
|
||||
0 string \367\002 application/x-dvi
|
||||
#0 string \367\203 TeX generic font data
|
||||
#0 string \367\131 TeX packed font data
|
||||
#0 string \367\312 TeX virtual font data
|
||||
#0 string This\ is\ TeX, TeX transcript text
|
||||
#0 string This\ is\ METAFONT, METAFONT transcript text
|
||||
|
||||
# There is no way to detect TeX Font Metric (*.tfm) files without
|
||||
# breaking them apart and reading the data. The following patterns
|
||||
# match most *.tfm files generated by METAFONT or afm2tfm.
|
||||
#2 string \000\021 TeX font metric data
|
||||
#2 string \000\022 TeX font metric data
|
||||
#>34 string >\0 (%s)
|
||||
|
||||
# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
|
||||
#0 string \\input\ texinfo Texinfo source text
|
||||
#0 string This\ is\ Info\ file GNU Info text
|
||||
|
||||
# correct TeX magic for Linux (and maybe more)
|
||||
# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
|
||||
#
|
||||
0 leshort 0x02f7 application/x-dvi
|
||||
|
||||
# RTF - Rich Text Format
|
||||
0 string {\\rtf application/rtf
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# animation: file(1) magic for animation/movie formats
|
||||
#
|
||||
# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
|
||||
# MPEG file
|
||||
0 string \000\000\001\263 video/mpeg
|
||||
#
|
||||
# The contributor claims:
|
||||
# I couldn't find a real magic number for these, however, this
|
||||
# -appears- to work. Note that it might catch other files, too,
|
||||
# so BE CAREFUL!
|
||||
#
|
||||
# Note that title and author appear in the two 20-byte chunks
|
||||
# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
|
||||
# 255 (hex FF)! DL format SUCKS BIG ROCKS.
|
||||
#
|
||||
# DL file version 1 , medium format (160x100, 4 images/screen)
|
||||
0 byte 1 video/unknown
|
||||
0 byte 2 video/unknown
|
||||
# Quicktime video, from Linus Walleij <triad@df.lth.se>
|
||||
# from Apple quicktime file format documentation.
|
||||
4 string moov video/quicktime
|
||||
4 string mdat video/quicktime
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# application/x-coredump for LE/BE ELF
|
||||
#
|
||||
0 string \177ELF
|
||||
>5 byte 1
|
||||
>16 leshort 4 application/x-coredump
|
||||
|
||||
0 string \177ELF
|
||||
>5 byte 2
|
||||
>16 beshort 4 application/x-coredump
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
# Note that logs are not compressed unless "compress" is configured,
|
||||
# which can be done either here or globally in /etc/logrotate.conf.
|
||||
/var/log/httpd/*log {
|
||||
missingok
|
||||
notifempty
|
||||
sharedscripts
|
||||
delaycompress
|
||||
postrotate
|
||||
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
|
||||
endscript
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
/var/log/php-fpm/*log {
|
||||
missingok
|
||||
notifempty
|
||||
sharedscripts
|
||||
delaycompress
|
||||
postrotate
|
||||
/bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
|
||||
endscript
|
||||
}
|
||||
@@ -0,0 +1,135 @@
|
||||
;;;;;;;;;;;;;;;;;;;;;
|
||||
; FPM Configuration ;
|
||||
;;;;;;;;;;;;;;;;;;;;;
|
||||
|
||||
; All relative paths in this configuration file are relative to PHP's install
|
||||
; prefix.
|
||||
|
||||
;;;;;;;;;;;;;;;;;;
|
||||
; Global Options ;
|
||||
;;;;;;;;;;;;;;;;;;
|
||||
|
||||
[global]
|
||||
; Pid file
|
||||
; Default Value: none
|
||||
pid = /run/php-fpm/php-fpm.pid
|
||||
|
||||
; Error log file
|
||||
; If it's set to "syslog", log is sent to syslogd instead of being written
|
||||
; in a local file.
|
||||
; Default Value: /var/log/php-fpm.log
|
||||
error_log = /var/log/php-fpm/error.log
|
||||
|
||||
; syslog_facility is used to specify what type of program is logging the
|
||||
; message. This lets syslogd specify that messages from different facilities
|
||||
; will be handled differently.
|
||||
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
|
||||
; Default Value: daemon
|
||||
;syslog.facility = daemon
|
||||
|
||||
; syslog_ident is prepended to every message. If you have multiple FPM
|
||||
; instances running on the same server, you can change the default value
|
||||
; which must suit common needs.
|
||||
; Default Value: php-fpm
|
||||
;syslog.ident = php-fpm
|
||||
|
||||
; Log level
|
||||
; Possible Values: alert, error, warning, notice, debug
|
||||
; Default Value: notice
|
||||
;log_level = notice
|
||||
|
||||
; Log limit on number of characters in the single line (log entry). If the
|
||||
; line is over the limit, it is wrapped on multiple lines. The limit is for
|
||||
; all logged characters including message prefix and suffix if present. However
|
||||
; the new line character does not count into it as it is present only when
|
||||
; logging to a file descriptor. It means the new line character is not present
|
||||
; when logging to syslog.
|
||||
; Default Value: 1024
|
||||
;log_limit = 4096
|
||||
|
||||
; Log buffering specifies if the log line is buffered which means that the
|
||||
; line is written in a single write operation. If the value is false, then the
|
||||
; data is written directly into the file descriptor. It is an experimental
|
||||
; option that can potentionaly improve logging performance and memory usage
|
||||
; for some heavy logging scenarios. This option is ignored if logging to syslog
|
||||
; as it has to be always buffered.
|
||||
; Default value: yes
|
||||
;log_buffering = no
|
||||
|
||||
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
|
||||
; interval set by emergency_restart_interval then FPM will restart. A value
|
||||
; of '0' means 'Off'.
|
||||
; Default Value: 0
|
||||
;emergency_restart_threshold = 0
|
||||
|
||||
; Interval of time used by emergency_restart_interval to determine when
|
||||
; a graceful restart will be initiated. This can be useful to work around
|
||||
; accidental corruptions in an accelerator's shared memory.
|
||||
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
|
||||
; Default Unit: seconds
|
||||
; Default Value: 0
|
||||
;emergency_restart_interval = 0
|
||||
|
||||
; Time limit for child processes to wait for a reaction on signals from master.
|
||||
; Available units: s(econds), m(inutes), h(ours), or d(ays)
|
||||
; Default Unit: seconds
|
||||
; Default Value: 0
|
||||
;process_control_timeout = 0
|
||||
|
||||
; The maximum number of processes FPM will fork. This has been designed to control
|
||||
; the global number of processes when using dynamic PM within a lot of pools.
|
||||
; Use it with caution.
|
||||
; Note: A value of 0 indicates no limit
|
||||
; Default Value: 0
|
||||
;process.max = 128
|
||||
|
||||
; Specify the nice(2) priority to apply to the master process (only if set)
|
||||
; The value can vary from -19 (highest priority) to 20 (lowest priority)
|
||||
; Note: - It will only work if the FPM master process is launched as root
|
||||
; - The pool process will inherit the master process priority
|
||||
; unless specified otherwise
|
||||
; Default Value: no set
|
||||
;process.priority = -19
|
||||
|
||||
; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
|
||||
; Default Value: yes
|
||||
daemonize = yes
|
||||
|
||||
; Set open file descriptor rlimit for the master process.
|
||||
; Default Value: system defined value
|
||||
;rlimit_files = 1024
|
||||
|
||||
; Set max core size rlimit for the master process.
|
||||
; Possible Values: 'unlimited' or an integer greater or equal to 0
|
||||
; Default Value: system defined value
|
||||
;rlimit_core = 0
|
||||
|
||||
; Specify the event mechanism FPM will use. The following is available:
|
||||
; - select (any POSIX os)
|
||||
; - poll (any POSIX os)
|
||||
; - epoll (linux >= 2.5.44)
|
||||
; Default Value: not set (auto detection)
|
||||
;events.mechanism = epoll
|
||||
|
||||
; When FPM is built with systemd integration, specify the interval,
|
||||
; in seconds, between health report notification to systemd.
|
||||
; Set to 0 to disable.
|
||||
; Available Units: s(econds), m(inutes), h(ours)
|
||||
; Default Unit: seconds
|
||||
; Default value: 10
|
||||
;systemd_interval = 10
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;
|
||||
; Pool Definitions ;
|
||||
;;;;;;;;;;;;;;;;;;;;
|
||||
|
||||
; Multiple pools of child processes may be started with different listening
|
||||
; ports and different management options. The name of the pool will be
|
||||
; used in logs and stats. There is no limitation on the number of pools which
|
||||
; FPM can handle. Your system will tell you anyway :)
|
||||
|
||||
; Include one or more files. If glob(3) exists, it is used to include a bunch of
|
||||
; files from a glob(3) pattern. This directive can be used everywhere in the
|
||||
; file.
|
||||
include=/etc/php-fpm.d/*.conf
|
||||
|
||||
@@ -0,0 +1,438 @@
|
||||
; Start a new pool named 'www'.
|
||||
; the variable $pool can be used in any directive and will be replaced by the
|
||||
; pool name ('www' here)
|
||||
[www]
|
||||
|
||||
; Per pool prefix
|
||||
; It only applies on the following directives:
|
||||
; - 'access.log'
|
||||
; - 'slowlog'
|
||||
; - 'listen' (unixsocket)
|
||||
; - 'chroot'
|
||||
; - 'chdir'
|
||||
; - 'php_values'
|
||||
; - 'php_admin_values'
|
||||
; When not set, the global prefix (or @php_fpm_prefix@) applies instead.
|
||||
; Note: This directive can also be relative to the global prefix.
|
||||
; Default Value: none
|
||||
;prefix = /path/to/pools/$pool
|
||||
|
||||
; Unix user/group of processes
|
||||
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||
; will be used.
|
||||
; RPM: apache user chosen to provide access to the same directories as httpd
|
||||
user = apache
|
||||
; RPM: Keep a group allowed to write in log dir.
|
||||
group = apache
|
||||
|
||||
; The address on which to accept FastCGI requests.
|
||||
; Valid syntaxes are:
|
||||
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
|
||||
; a specific port;
|
||||
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
|
||||
; a specific port;
|
||||
; 'port' - to listen on a TCP socket to all addresses
|
||||
; (IPv6 and IPv4-mapped) on a specific port;
|
||||
; '/path/to/unix/socket' - to listen on a unix socket.
|
||||
; Note: This value is mandatory.
|
||||
listen = /run/php-fpm/www.sock
|
||||
|
||||
; Set listen(2) backlog.
|
||||
; Default Value: 511
|
||||
;listen.backlog = 511
|
||||
|
||||
; Set permissions for unix socket, if one is used. In Linux, read/write
|
||||
; permissions must be set in order to allow connections from a web server.
|
||||
; Default Values: user and group are set as the running user
|
||||
; mode is set to 0660
|
||||
;listen.owner = nobody
|
||||
;listen.group = nobody
|
||||
;listen.mode = 0660
|
||||
|
||||
; When POSIX Access Control Lists are supported you can set them using
|
||||
; these options, value is a comma separated list of user/group names.
|
||||
; When set, listen.owner and listen.group are ignored
|
||||
listen.acl_users = apache,nginx
|
||||
;listen.acl_groups =
|
||||
|
||||
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
|
||||
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
|
||||
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
|
||||
; must be separated by a comma. If this value is left blank, connections will be
|
||||
; accepted from any ip address.
|
||||
; Default Value: any
|
||||
listen.allowed_clients = 127.0.0.1
|
||||
|
||||
; Specify the nice(2) priority to apply to the pool processes (only if set)
|
||||
; The value can vary from -19 (highest priority) to 20 (lower priority)
|
||||
; Note: - It will only work if the FPM master process is launched as root
|
||||
; - The pool processes will inherit the master process priority
|
||||
; unless it specified otherwise
|
||||
; Default Value: no set
|
||||
; process.priority = -19
|
||||
|
||||
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
|
||||
; or group is differrent than the master process user. It allows to create process
|
||||
; core dump and ptrace the process for the pool user.
|
||||
; Default Value: no
|
||||
; process.dumpable = yes
|
||||
|
||||
; Choose how the process manager will control the number of child processes.
|
||||
; Possible Values:
|
||||
; static - a fixed number (pm.max_children) of child processes;
|
||||
; dynamic - the number of child processes are set dynamically based on the
|
||||
; following directives. With this process management, there will be
|
||||
; always at least 1 children.
|
||||
; pm.max_children - the maximum number of children that can
|
||||
; be alive at the same time.
|
||||
; pm.start_servers - the number of children created on startup.
|
||||
; pm.min_spare_servers - the minimum number of children in 'idle'
|
||||
; state (waiting to process). If the number
|
||||
; of 'idle' processes is less than this
|
||||
; number then some children will be created.
|
||||
; pm.max_spare_servers - the maximum number of children in 'idle'
|
||||
; state (waiting to process). If the number
|
||||
; of 'idle' processes is greater than this
|
||||
; number then some children will be killed.
|
||||
; ondemand - no children are created at startup. Children will be forked when
|
||||
; new requests will connect. The following parameter are used:
|
||||
; pm.max_children - the maximum number of children that
|
||||
; can be alive at the same time.
|
||||
; pm.process_idle_timeout - The number of seconds after which
|
||||
; an idle process will be killed.
|
||||
; Note: This value is mandatory.
|
||||
pm = dynamic
|
||||
|
||||
; The number of child processes to be created when pm is set to 'static' and the
|
||||
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
|
||||
; This value sets the limit on the number of simultaneous requests that will be
|
||||
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
|
||||
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
|
||||
; CGI. The below defaults are based on a server without much resources. Don't
|
||||
; forget to tweak pm.* to fit your needs.
|
||||
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
|
||||
; Note: This value is mandatory.
|
||||
pm.max_children = 50
|
||||
|
||||
; The number of child processes created on startup.
|
||||
; Note: Used only when pm is set to 'dynamic'
|
||||
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
|
||||
pm.start_servers = 5
|
||||
|
||||
; The desired minimum number of idle server processes.
|
||||
; Note: Used only when pm is set to 'dynamic'
|
||||
; Note: Mandatory when pm is set to 'dynamic'
|
||||
pm.min_spare_servers = 5
|
||||
|
||||
; The desired maximum number of idle server processes.
|
||||
; Note: Used only when pm is set to 'dynamic'
|
||||
; Note: Mandatory when pm is set to 'dynamic'
|
||||
pm.max_spare_servers = 35
|
||||
|
||||
; The number of seconds after which an idle process will be killed.
|
||||
; Note: Used only when pm is set to 'ondemand'
|
||||
; Default Value: 10s
|
||||
;pm.process_idle_timeout = 10s;
|
||||
|
||||
; The number of requests each child process should execute before respawning.
|
||||
; This can be useful to work around memory leaks in 3rd party libraries. For
|
||||
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
|
||||
; Default Value: 0
|
||||
;pm.max_requests = 500
|
||||
|
||||
; The URI to view the FPM status page. If this value is not set, no URI will be
|
||||
; recognized as a status page. It shows the following informations:
|
||||
; pool - the name of the pool;
|
||||
; process manager - static, dynamic or ondemand;
|
||||
; start time - the date and time FPM has started;
|
||||
; start since - number of seconds since FPM has started;
|
||||
; accepted conn - the number of request accepted by the pool;
|
||||
; listen queue - the number of request in the queue of pending
|
||||
; connections (see backlog in listen(2));
|
||||
; max listen queue - the maximum number of requests in the queue
|
||||
; of pending connections since FPM has started;
|
||||
; listen queue len - the size of the socket queue of pending connections;
|
||||
; idle processes - the number of idle processes;
|
||||
; active processes - the number of active processes;
|
||||
; total processes - the number of idle + active processes;
|
||||
; max active processes - the maximum number of active processes since FPM
|
||||
; has started;
|
||||
; max children reached - number of times, the process limit has been reached,
|
||||
; when pm tries to start more children (works only for
|
||||
; pm 'dynamic' and 'ondemand');
|
||||
; Value are updated in real time.
|
||||
; Example output:
|
||||
; pool: www
|
||||
; process manager: static
|
||||
; start time: 01/Jul/2011:17:53:49 +0200
|
||||
; start since: 62636
|
||||
; accepted conn: 190460
|
||||
; listen queue: 0
|
||||
; max listen queue: 1
|
||||
; listen queue len: 42
|
||||
; idle processes: 4
|
||||
; active processes: 11
|
||||
; total processes: 15
|
||||
; max active processes: 12
|
||||
; max children reached: 0
|
||||
;
|
||||
; By default the status page output is formatted as text/plain. Passing either
|
||||
; 'html', 'xml' or 'json' in the query string will return the corresponding
|
||||
; output syntax. Example:
|
||||
; http://www.foo.bar/status
|
||||
; http://www.foo.bar/status?json
|
||||
; http://www.foo.bar/status?html
|
||||
; http://www.foo.bar/status?xml
|
||||
;
|
||||
; By default the status page only outputs short status. Passing 'full' in the
|
||||
; query string will also return status for each pool process.
|
||||
; Example:
|
||||
; http://www.foo.bar/status?full
|
||||
; http://www.foo.bar/status?json&full
|
||||
; http://www.foo.bar/status?html&full
|
||||
; http://www.foo.bar/status?xml&full
|
||||
; The Full status returns for each process:
|
||||
; pid - the PID of the process;
|
||||
; state - the state of the process (Idle, Running, ...);
|
||||
; start time - the date and time the process has started;
|
||||
; start since - the number of seconds since the process has started;
|
||||
; requests - the number of requests the process has served;
|
||||
; request duration - the duration in µs of the requests;
|
||||
; request method - the request method (GET, POST, ...);
|
||||
; request URI - the request URI with the query string;
|
||||
; content length - the content length of the request (only with POST);
|
||||
; user - the user (PHP_AUTH_USER) (or '-' if not set);
|
||||
; script - the main script called (or '-' if not set);
|
||||
; last request cpu - the %cpu the last request consumed
|
||||
; it's always 0 if the process is not in Idle state
|
||||
; because CPU calculation is done when the request
|
||||
; processing has terminated;
|
||||
; last request memory - the max amount of memory the last request consumed
|
||||
; it's always 0 if the process is not in Idle state
|
||||
; because memory calculation is done when the request
|
||||
; processing has terminated;
|
||||
; If the process is in Idle state, then informations are related to the
|
||||
; last request the process has served. Otherwise informations are related to
|
||||
; the current request being served.
|
||||
; Example output:
|
||||
; ************************
|
||||
; pid: 31330
|
||||
; state: Running
|
||||
; start time: 01/Jul/2011:17:53:49 +0200
|
||||
; start since: 63087
|
||||
; requests: 12808
|
||||
; request duration: 1250261
|
||||
; request method: GET
|
||||
; request URI: /test_mem.php?N=10000
|
||||
; content length: 0
|
||||
; user: -
|
||||
; script: /home/fat/web/docs/php/test_mem.php
|
||||
; last request cpu: 0.00
|
||||
; last request memory: 0
|
||||
;
|
||||
; Note: There is a real-time FPM status monitoring sample web page available
|
||||
; It's available in: @EXPANDED_DATADIR@/fpm/status.html
|
||||
;
|
||||
; Note: The value must start with a leading slash (/). The value can be
|
||||
; anything, but it may not be a good idea to use the .php extension or it
|
||||
; may conflict with a real PHP file.
|
||||
; Default Value: not set
|
||||
;pm.status_path = /status
|
||||
|
||||
; The ping URI to call the monitoring page of FPM. If this value is not set, no
|
||||
; URI will be recognized as a ping page. This could be used to test from outside
|
||||
; that FPM is alive and responding, or to
|
||||
; - create a graph of FPM availability (rrd or such);
|
||||
; - remove a server from a group if it is not responding (load balancing);
|
||||
; - trigger alerts for the operating team (24/7).
|
||||
; Note: The value must start with a leading slash (/). The value can be
|
||||
; anything, but it may not be a good idea to use the .php extension or it
|
||||
; may conflict with a real PHP file.
|
||||
; Default Value: not set
|
||||
;ping.path = /ping
|
||||
|
||||
; This directive may be used to customize the response of a ping request. The
|
||||
; response is formatted as text/plain with a 200 response code.
|
||||
; Default Value: pong
|
||||
;ping.response = pong
|
||||
|
||||
; The access log file
|
||||
; Default: not set
|
||||
;access.log = log/$pool.access.log
|
||||
|
||||
; The access log format.
|
||||
; The following syntax is allowed
|
||||
; %%: the '%' character
|
||||
; %C: %CPU used by the request
|
||||
; it can accept the following format:
|
||||
; - %{user}C for user CPU only
|
||||
; - %{system}C for system CPU only
|
||||
; - %{total}C for user + system CPU (default)
|
||||
; %d: time taken to serve the request
|
||||
; it can accept the following format:
|
||||
; - %{seconds}d (default)
|
||||
; - %{miliseconds}d
|
||||
; - %{mili}d
|
||||
; - %{microseconds}d
|
||||
; - %{micro}d
|
||||
; %e: an environment variable (same as $_ENV or $_SERVER)
|
||||
; it must be associated with embraces to specify the name of the env
|
||||
; variable. Some exemples:
|
||||
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
|
||||
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
|
||||
; %f: script filename
|
||||
; %l: content-length of the request (for POST request only)
|
||||
; %m: request method
|
||||
; %M: peak of memory allocated by PHP
|
||||
; it can accept the following format:
|
||||
; - %{bytes}M (default)
|
||||
; - %{kilobytes}M
|
||||
; - %{kilo}M
|
||||
; - %{megabytes}M
|
||||
; - %{mega}M
|
||||
; %n: pool name
|
||||
; %o: output header
|
||||
; it must be associated with embraces to specify the name of the header:
|
||||
; - %{Content-Type}o
|
||||
; - %{X-Powered-By}o
|
||||
; - %{Transfert-Encoding}o
|
||||
; - ....
|
||||
; %p: PID of the child that serviced the request
|
||||
; %P: PID of the parent of the child that serviced the request
|
||||
; %q: the query string
|
||||
; %Q: the '?' character if query string exists
|
||||
; %r: the request URI (without the query string, see %q and %Q)
|
||||
; %R: remote IP address
|
||||
; %s: status (response code)
|
||||
; %t: server time the request was received
|
||||
; it can accept a strftime(3) format:
|
||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||
; %T: time the log has been written (the request has finished)
|
||||
; it can accept a strftime(3) format:
|
||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||
; %u: remote user
|
||||
;
|
||||
; Default: "%R - %u %t \"%m %r\" %s"
|
||||
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
|
||||
|
||||
; The log file for slow requests
|
||||
; Default Value: not set
|
||||
; Note: slowlog is mandatory if request_slowlog_timeout is set
|
||||
slowlog = /var/log/php-fpm/www-slow.log
|
||||
|
||||
; The timeout for serving a single request after which a PHP backtrace will be
|
||||
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
|
||||
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
||||
; Default Value: 0
|
||||
;request_slowlog_timeout = 0
|
||||
|
||||
; Depth of slow log stack trace.
|
||||
; Default Value: 20
|
||||
;request_slowlog_trace_depth = 20
|
||||
|
||||
; The timeout for serving a single request after which the worker process will
|
||||
; be killed. This option should be used when the 'max_execution_time' ini option
|
||||
; does not stop script execution for some reason. A value of '0' means 'off'.
|
||||
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
||||
; Default Value: 0
|
||||
;request_terminate_timeout = 0
|
||||
|
||||
; Set open file descriptor rlimit.
|
||||
; Default Value: system defined value
|
||||
;rlimit_files = 1024
|
||||
|
||||
; Set max core size rlimit.
|
||||
; Possible Values: 'unlimited' or an integer greater or equal to 0
|
||||
; Default Value: system defined value
|
||||
;rlimit_core = 0
|
||||
|
||||
; Chroot to this directory at the start. This value must be defined as an
|
||||
; absolute path. When this value is not set, chroot is not used.
|
||||
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
|
||||
; of its subdirectories. If the pool prefix is not set, the global prefix
|
||||
; will be used instead.
|
||||
; Note: chrooting is a great security feature and should be used whenever
|
||||
; possible. However, all PHP paths will be relative to the chroot
|
||||
; (error_log, sessions.save_path, ...).
|
||||
; Default Value: not set
|
||||
;chroot =
|
||||
|
||||
; Chdir to this directory at the start.
|
||||
; Note: relative path can be used.
|
||||
; Default Value: current directory or / when chroot
|
||||
;chdir = /var/www
|
||||
|
||||
; Redirect worker stdout and stderr into main error log. If not set, stdout and
|
||||
; stderr will be redirected to /dev/null according to FastCGI specs.
|
||||
; Note: on highloaded environement, this can cause some delay in the page
|
||||
; process time (several ms).
|
||||
; Default Value: no
|
||||
;catch_workers_output = yes
|
||||
|
||||
; Clear environment in FPM workers
|
||||
; Prevents arbitrary environment variables from reaching FPM worker processes
|
||||
; by clearing the environment in workers before env vars specified in this
|
||||
; pool configuration are added.
|
||||
; Setting to "no" will make all environment variables available to PHP code
|
||||
; via getenv(), $_ENV and $_SERVER.
|
||||
; Default Value: yes
|
||||
;clear_env = no
|
||||
|
||||
; Limits the extensions of the main script FPM will allow to parse. This can
|
||||
; prevent configuration mistakes on the web server side. You should only limit
|
||||
; FPM to .php extensions to prevent malicious users to use other extensions to
|
||||
; execute php code.
|
||||
; Note: set an empty value to allow all extensions.
|
||||
; Default Value: .php
|
||||
;security.limit_extensions = .php .php3 .php4 .php5 .php7
|
||||
|
||||
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
|
||||
; the current environment.
|
||||
; Default Value: clean env
|
||||
;env[HOSTNAME] = $HOSTNAME
|
||||
;env[PATH] = /usr/local/bin:/usr/bin:/bin
|
||||
;env[TMP] = /tmp
|
||||
;env[TMPDIR] = /tmp
|
||||
;env[TEMP] = /tmp
|
||||
|
||||
; Additional php.ini defines, specific to this pool of workers. These settings
|
||||
; overwrite the values previously defined in the php.ini. The directives are the
|
||||
; same as the PHP SAPI:
|
||||
; php_value/php_flag - you can set classic ini defines which can
|
||||
; be overwritten from PHP call 'ini_set'.
|
||||
; php_admin_value/php_admin_flag - these directives won't be overwritten by
|
||||
; PHP call 'ini_set'
|
||||
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
|
||||
|
||||
; Defining 'extension' will load the corresponding shared extension from
|
||||
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
|
||||
; overwrite previously defined php.ini values, but will append the new value
|
||||
; instead.
|
||||
|
||||
; Note: path INI options can be relative and will be expanded with the prefix
|
||||
; (pool, global or @prefix@)
|
||||
|
||||
; Default Value: nothing is defined by default except the values in php.ini and
|
||||
; specified at startup with the -d argument
|
||||
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
|
||||
;php_flag[display_errors] = off
|
||||
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
|
||||
php_admin_flag[log_errors] = on
|
||||
;php_admin_value[memory_limit] = 128M
|
||||
|
||||
; Set the following data paths to directories owned by the FPM process user.
|
||||
;
|
||||
; Do not change the ownership of existing system directories, if the process
|
||||
; user does not have write permission, create dedicated directories for this
|
||||
; purpose.
|
||||
;
|
||||
; See warning about choosing the location of these directories on your system
|
||||
; at http://php.net/session.save-path
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
|
||||
;php_value[opcache.file_cache] = /var/lib/php/opcache
|
||||
@@ -0,0 +1,148 @@
|
||||
; Enable Zend OPcache extension module
|
||||
zend_extension=opcache
|
||||
|
||||
; Determines if Zend OPCache is enabled
|
||||
opcache.enable=1
|
||||
|
||||
; Determines if Zend OPCache is enabled for the CLI version of PHP
|
||||
opcache.enable_cli=1
|
||||
|
||||
; The OPcache shared memory storage size.
|
||||
;opcache.memory_consumption=128
|
||||
|
||||
; The amount of memory for interned strings in Mbytes.
|
||||
;opcache.interned_strings_buffer=8
|
||||
|
||||
; The maximum number of keys (scripts) in the OPcache hash table.
|
||||
; Only numbers between 200 and 1000000 are allowed.
|
||||
;opcache.max_accelerated_files=10000
|
||||
|
||||
; The maximum percentage of "wasted" memory until a restart is scheduled.
|
||||
;opcache.max_wasted_percentage=5
|
||||
|
||||
; When this directive is enabled, the OPcache appends the current working
|
||||
; directory to the script key, thus eliminating possible collisions between
|
||||
; files with the same name (basename). Disabling the directive improves
|
||||
; performance, but may break existing applications.
|
||||
;opcache.use_cwd=1
|
||||
|
||||
; When disabled, you must reset the OPcache manually or restart the
|
||||
; webserver for changes to the filesystem to take effect.
|
||||
;opcache.validate_timestamps=1
|
||||
|
||||
; How often (in seconds) to check file timestamps for changes to the shared
|
||||
; memory storage allocation. ("1" means validate once per second, but only
|
||||
; once per request. "0" means always validate)
|
||||
;opcache.revalidate_freq=2
|
||||
|
||||
; Enables or disables file search in include_path optimization
|
||||
;opcache.revalidate_path=0
|
||||
|
||||
; If disabled, all PHPDoc comments are dropped from the code to reduce the
|
||||
; size of the optimized code.
|
||||
;opcache.save_comments=1
|
||||
|
||||
; Allow file existence override (file_exists, etc.) performance feature.
|
||||
;opcache.enable_file_override=0
|
||||
|
||||
; A bitmask, where each bit enables or disables the appropriate OPcache
|
||||
; passes
|
||||
;opcache.optimization_level=0x7FFFBFFF
|
||||
|
||||
; This hack should only be enabled to work around "Cannot redeclare class"
|
||||
; errors.
|
||||
;opcache.dups_fix=0
|
||||
|
||||
; The location of the OPcache blacklist file (wildcards allowed).
|
||||
; Each OPcache blacklist file is a text file that holds the names of files
|
||||
; that should not be accelerated.
|
||||
opcache.blacklist_filename=/etc/php-zts.d/opcache*.blacklist
|
||||
|
||||
; Allows exclusion of large files from being cached. By default all files
|
||||
; are cached.
|
||||
;opcache.max_file_size=0
|
||||
|
||||
; Check the cache checksum each N requests.
|
||||
; The default value of "0" means that the checks are disabled.
|
||||
;opcache.consistency_checks=0
|
||||
|
||||
; How long to wait (in seconds) for a scheduled restart to begin if the cache
|
||||
; is not being accessed.
|
||||
;opcache.force_restart_timeout=180
|
||||
|
||||
; OPcache error_log file name. Empty string assumes "stderr".
|
||||
;opcache.error_log=
|
||||
|
||||
; All OPcache errors go to the Web server log.
|
||||
; By default, only fatal errors (level 0) or errors (level 1) are logged.
|
||||
; You can also enable warnings (level 2), info messages (level 3) or
|
||||
; debug messages (level 4).
|
||||
;opcache.log_verbosity_level=1
|
||||
|
||||
; Preferred Shared Memory back-end. Leave empty and let the system decide.
|
||||
;opcache.preferred_memory_model=
|
||||
|
||||
; Protect the shared memory from unexpected writing during script execution.
|
||||
; Useful for internal debugging only.
|
||||
;opcache.protect_memory=0
|
||||
|
||||
; Allows calling OPcache API functions only from PHP scripts which path is
|
||||
; started from specified string. The default "" means no restriction
|
||||
;opcache.restrict_api=
|
||||
|
||||
; Enables and sets the second level cache directory.
|
||||
; It should improve performance when SHM memory is full, at server restart or
|
||||
; SHM reset. The default "" disables file based caching.
|
||||
; RPM note : file cache directory must be owned by process owner
|
||||
; for mod_php, see /etc/httpd/conf.d/php.conf
|
||||
; for php-fpm, see /etc/php-fpm.d/*conf
|
||||
;opcache.file_cache=
|
||||
|
||||
; Enables or disables opcode caching in shared memory.
|
||||
;opcache.file_cache_only=0
|
||||
|
||||
; Enables or disables checksum validation when script loaded from file cache.
|
||||
;opcache.file_cache_consistency_checks=1
|
||||
|
||||
; Implies opcache.file_cache_only=1 for a certain process that failed to
|
||||
; reattach to the shared memory (for Windows only). Explicitly enabled file
|
||||
; cache is required.
|
||||
;opcache.file_cache_fallback=1
|
||||
|
||||
; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
|
||||
; This should improve performance, but requires appropriate OS configuration.
|
||||
opcache.huge_code_pages=0
|
||||
|
||||
; Validate cached file permissions.
|
||||
; Leads OPcache to check file readability on each access to cached file.
|
||||
; This directive should be enabled in shared hosting environment, when few
|
||||
; users (PHP-FPM pools) reuse the common OPcache shared memory.
|
||||
;opcache.validate_permission=0
|
||||
|
||||
; Prevent name collisions in chroot'ed environment.
|
||||
; This directive prevents file name collisions in different "chroot"
|
||||
; environments. It should be enabled for sites that may serve requests in
|
||||
; different "chroot" environments.
|
||||
;opcache.validate_root=0
|
||||
|
||||
; If specified, it produces opcode dumps for debugging different stages of
|
||||
; optimizations.
|
||||
;opcache.opt_debug_level=0
|
||||
|
||||
; Specifies a PHP script that is going to be compiled and executed at server
|
||||
; start-up.
|
||||
; http://php.net/opcache.preload
|
||||
;opcache.preload=
|
||||
|
||||
; Preloading code as root is not allowed for security reasons. This directive
|
||||
; facilitates to let the preloading to be run as another user.
|
||||
; http://php.net/opcache.preload_user
|
||||
;opcache.preload_user=
|
||||
|
||||
; Prevents caching files that are less than this number of seconds old. It
|
||||
; protects from caching of incompletely updated files. In case all file updates
|
||||
; on your site are atomic, you may increase performance by setting it to "0".
|
||||
;opcache.file_update_protection=2
|
||||
|
||||
; Absolute path used to store shared lockfiles (for *nix only).
|
||||
;opcache.lockfile_path=/tmp
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable bz2 extension module
|
||||
extension=bz2
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable calendar extension module
|
||||
extension=calendar
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable ctype extension module
|
||||
extension=ctype
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable curl extension module
|
||||
extension=curl
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable dom extension module
|
||||
extension=dom
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable exif extension module
|
||||
extension=exif
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable fileinfo extension module
|
||||
extension=fileinfo
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable ftp extension module
|
||||
extension=ftp
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable gettext extension module
|
||||
extension=gettext
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable iconv extension module
|
||||
extension=iconv
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable json extension module
|
||||
extension=json
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mbstring extension module
|
||||
extension=mbstring
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mysqlnd extension module
|
||||
extension=mysqlnd
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo extension module
|
||||
extension=pdo
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable phar extension module
|
||||
extension=phar
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable simplexml extension module
|
||||
extension=simplexml
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sockets extension module
|
||||
extension=sockets
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sodium extension module
|
||||
extension=sodium
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sqlite3 extension module
|
||||
extension=sqlite3
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable tokenizer extension module
|
||||
extension=tokenizer
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xml extension module
|
||||
extension=xml
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xmlwriter extension module
|
||||
extension=xmlwriter
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xsl extension module
|
||||
extension=xsl
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mysqli extension module
|
||||
extension=mysqli
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo_mysql extension module
|
||||
extension=pdo_mysql
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo_sqlite extension module
|
||||
extension=pdo_sqlite
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xmlreader extension module
|
||||
extension=xmlreader
|
||||
@@ -0,0 +1,11 @@
|
||||
; The blacklist file is a text file that holds the names of files
|
||||
; that should not be accelerated. The file format is to add each filename
|
||||
; to a new line. The filename may be a full path or just a file prefix
|
||||
; (i.e., /var/www/x blacklists all the files and directories in /var/www
|
||||
; that start with 'x'). Line starting with a ; are ignored (comments).
|
||||
; Files are usually triggered by one of the following three reasons:
|
||||
; 1) Directories that contain auto generated code, like Smarty or ZFW cache.
|
||||
; 2) Code that does not work well when accelerated, due to some delayed
|
||||
; compile time evaluation.
|
||||
; 3) Code that triggers an OPcache bug.
|
||||
|
||||
@@ -0,0 +1,154 @@
|
||||
; Enable Zend OPcache extension module
|
||||
zend_extension=opcache
|
||||
|
||||
; Determines if Zend OPCache is enabled
|
||||
opcache.enable=1
|
||||
|
||||
; Determines if Zend OPCache is enabled for the CLI version of PHP
|
||||
opcache.enable_cli=1
|
||||
|
||||
; The OPcache shared memory storage size.
|
||||
;opcache.memory_consumption=128
|
||||
|
||||
; The amount of memory for interned strings in Mbytes.
|
||||
;opcache.interned_strings_buffer=8
|
||||
|
||||
; The maximum number of keys (scripts) in the OPcache hash table.
|
||||
; Only numbers between 200 and 1000000 are allowed.
|
||||
;opcache.max_accelerated_files=10000
|
||||
|
||||
; The maximum percentage of "wasted" memory until a restart is scheduled.
|
||||
;opcache.max_wasted_percentage=5
|
||||
|
||||
; When this directive is enabled, the OPcache appends the current working
|
||||
; directory to the script key, thus eliminating possible collisions between
|
||||
; files with the same name (basename). Disabling the directive improves
|
||||
; performance, but may break existing applications.
|
||||
;opcache.use_cwd=1
|
||||
|
||||
; When disabled, you must reset the OPcache manually or restart the
|
||||
; webserver for changes to the filesystem to take effect.
|
||||
;opcache.validate_timestamps=1
|
||||
|
||||
; How often (in seconds) to check file timestamps for changes to the shared
|
||||
; memory storage allocation. ("1" means validate once per second, but only
|
||||
; once per request. "0" means always validate)
|
||||
;opcache.revalidate_freq=2
|
||||
|
||||
; Enables or disables file search in include_path optimization
|
||||
;opcache.revalidate_path=0
|
||||
|
||||
; If disabled, all PHPDoc comments are dropped from the code to reduce the
|
||||
; size of the optimized code.
|
||||
;opcache.save_comments=1
|
||||
|
||||
; If enabled, compilation warnings (including notices and deprecations) will
|
||||
; be recorded and replayed each time a file is included. Otherwise, compilation
|
||||
; warnings will only be emitted when the file is first cached.
|
||||
;opcache.record_warnings=0
|
||||
|
||||
; Allow file existence override (file_exists, etc.) performance feature.
|
||||
;opcache.enable_file_override=0
|
||||
|
||||
; A bitmask, where each bit enables or disables the appropriate OPcache
|
||||
; passes
|
||||
;opcache.optimization_level=0x7FFFBFFF
|
||||
|
||||
; This hack should only be enabled to work around "Cannot redeclare class"
|
||||
; errors.
|
||||
;opcache.dups_fix=0
|
||||
|
||||
; The location of the OPcache blacklist file (wildcards allowed).
|
||||
; Each OPcache blacklist file is a text file that holds the names of files
|
||||
; that should not be accelerated.
|
||||
opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
|
||||
|
||||
; Allows exclusion of large files from being cached. By default all files
|
||||
; are cached.
|
||||
;opcache.max_file_size=0
|
||||
|
||||
; How long to wait (in seconds) for a scheduled restart to begin if the cache
|
||||
; is not being accessed.
|
||||
;opcache.force_restart_timeout=180
|
||||
|
||||
; OPcache error_log file name. Empty string assumes "stderr".
|
||||
;opcache.error_log=
|
||||
|
||||
; All OPcache errors go to the Web server log.
|
||||
; By default, only fatal errors (level 0) or errors (level 1) are logged.
|
||||
; You can also enable warnings (level 2), info messages (level 3) or
|
||||
; debug messages (level 4).
|
||||
;opcache.log_verbosity_level=1
|
||||
|
||||
; Preferred Shared Memory back-end. Leave empty and let the system decide.
|
||||
;opcache.preferred_memory_model=
|
||||
|
||||
; Protect the shared memory from unexpected writing during script execution.
|
||||
; Useful for internal debugging only.
|
||||
;opcache.protect_memory=0
|
||||
|
||||
; Allows calling OPcache API functions only from PHP scripts which path is
|
||||
; started from specified string. The default "" means no restriction
|
||||
;opcache.restrict_api=
|
||||
|
||||
; Enables and sets the second level cache directory.
|
||||
; It should improve performance when SHM memory is full, at server restart or
|
||||
; SHM reset. The default "" disables file based caching.
|
||||
; RPM note : file cache directory must be owned by process owner
|
||||
; for mod_php, see /etc/httpd/conf.d/php.conf
|
||||
; for php-fpm, see /etc/php-fpm.d/*conf
|
||||
;opcache.file_cache=
|
||||
|
||||
; Enables or disables opcode caching in shared memory.
|
||||
;opcache.file_cache_only=0
|
||||
|
||||
; Enables or disables checksum validation when script loaded from file cache.
|
||||
;opcache.file_cache_consistency_checks=1
|
||||
|
||||
; Implies opcache.file_cache_only=1 for a certain process that failed to
|
||||
; reattach to the shared memory (for Windows only). Explicitly enabled file
|
||||
; cache is required.
|
||||
;opcache.file_cache_fallback=1
|
||||
|
||||
; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
|
||||
; Under certain circumstances (if only a single global PHP process is
|
||||
; started from which all others fork), this can increase performance
|
||||
; by a tiny amount because TLB misses are reduced. On the other hand, this
|
||||
; delays PHP startup, increases memory usage and degrades performance
|
||||
; under memory pressure - use with care.
|
||||
; Requires appropriate OS configuration.
|
||||
opcache.huge_code_pages=0
|
||||
|
||||
; Validate cached file permissions.
|
||||
; Leads OPcache to check file readability on each access to cached file.
|
||||
; This directive should be enabled in shared hosting environment, when few
|
||||
; users (PHP-FPM pools) reuse the common OPcache shared memory.
|
||||
;opcache.validate_permission=0
|
||||
|
||||
; Prevent name collisions in chroot'ed environment.
|
||||
; This directive prevents file name collisions in different "chroot"
|
||||
; environments. It should be enabled for sites that may serve requests in
|
||||
; different "chroot" environments.
|
||||
;opcache.validate_root=0
|
||||
|
||||
; If specified, it produces opcode dumps for debugging different stages of
|
||||
; optimizations.
|
||||
;opcache.opt_debug_level=0
|
||||
|
||||
; Specifies a PHP script that is going to be compiled and executed at server
|
||||
; start-up.
|
||||
; https://php.net/opcache.preload
|
||||
;opcache.preload=
|
||||
|
||||
; Preloading code as root is not allowed for security reasons. This directive
|
||||
; facilitates to let the preloading to be run as another user.
|
||||
; https://php.net/opcache.preload_user
|
||||
;opcache.preload_user=
|
||||
|
||||
; Prevents caching files that are less than this number of seconds old. It
|
||||
; protects from caching of incompletely updated files. In case all file updates
|
||||
; on your site are atomic, you may increase performance by setting it to "0".
|
||||
;opcache.file_update_protection=2
|
||||
|
||||
; Absolute path used to store shared lockfiles (for *nix only).
|
||||
;opcache.lockfile_path=/tmp
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable bz2 extension module
|
||||
extension=bz2
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable calendar extension module
|
||||
extension=calendar
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable ctype extension module
|
||||
extension=ctype
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable curl extension module
|
||||
extension=curl
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable dom extension module
|
||||
extension=dom
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable exif extension module
|
||||
extension=exif
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable fileinfo extension module
|
||||
extension=fileinfo
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable ftp extension module
|
||||
extension=ftp
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable gettext extension module
|
||||
extension=gettext
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable iconv extension module
|
||||
extension=iconv
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable json extension module
|
||||
extension=json
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mbstring extension module
|
||||
extension=mbstring
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mysqlnd extension module
|
||||
extension=mysqlnd
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo extension module
|
||||
extension=pdo
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable phar extension module
|
||||
extension=phar
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable simplexml extension module
|
||||
extension=simplexml
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sockets extension module
|
||||
extension=sockets
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sodium extension module
|
||||
extension=sodium
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable sqlite3 extension module
|
||||
extension=sqlite3
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable tokenizer extension module
|
||||
extension=tokenizer
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xml extension module
|
||||
extension=xml
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xmlwriter extension module
|
||||
extension=xmlwriter
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xsl extension module
|
||||
extension=xsl
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable mysqli extension module
|
||||
extension=mysqli
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo_mysql extension module
|
||||
extension=pdo_mysql
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable pdo_sqlite extension module
|
||||
extension=pdo_sqlite
|
||||
@@ -0,0 +1,2 @@
|
||||
; Enable xmlreader extension module
|
||||
extension=xmlreader
|
||||
@@ -0,0 +1,11 @@
|
||||
; The blacklist file is a text file that holds the names of files
|
||||
; that should not be accelerated. The file format is to add each filename
|
||||
; to a new line. The filename may be a full path or just a file prefix
|
||||
; (i.e., /var/www/x blacklists all the files and directories in /var/www
|
||||
; that start with 'x'). Line starting with a ; are ignored (comments).
|
||||
; Files are usually triggered by one of the following three reasons:
|
||||
; 1) Directories that contain auto generated code, like Smarty or ZFW cache.
|
||||
; 2) Code that does not work well when accelerated, due to some delayed
|
||||
; compile time evaluation.
|
||||
; 3) Code that triggers an OPcache bug.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,16 @@
|
||||
#
|
||||
# Configuration options for systemd service, htcacheclean.service.
|
||||
# See htcacheclean(8) for more information on available options.
|
||||
#
|
||||
|
||||
# Interval between cache clean runs, in minutes
|
||||
INTERVAL=15
|
||||
|
||||
# Default cache root.
|
||||
CACHE_ROOT=/var/cache/httpd/proxy
|
||||
|
||||
# Cache size limit in bytes (K=Kbytes, M=Mbytes)
|
||||
LIMIT=100M
|
||||
|
||||
# Any other options...
|
||||
OPTIONS=
|
||||
@@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=Disk Cache Cleaning Daemon for the Apache HTTP Server
|
||||
After=httpd.service
|
||||
Documentation=man:htcacheclean.service(8)
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=apache
|
||||
PIDFile=/run/httpd/htcacheclean/pid
|
||||
Environment=LANG=C
|
||||
EnvironmentFile=/etc/sysconfig/htcacheclean
|
||||
ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=One-time temporary TLS key generation for httpd.service
|
||||
Documentation=man:httpd-init.service(8)
|
||||
|
||||
ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
|
||||
ConditionPathExists=|!/etc/pki/tls/private/localhost.key
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=no
|
||||
PrivateTmp=true
|
||||
|
||||
ExecStart=/usr/libexec/httpd-ssl-gencerts
|
||||
@@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Reload Apache for Let's Encrypt Certificate Insert
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/systemctl reload httpd.service
|
||||
|
||||
[Install]
|
||||
WantedBy=httpd.service
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user