[LON-CAPA-cvs] cvs: doc /install/linux install.pl /install/linux/sles-suse/apache2.4 default-server.conf sysconfig_apache2 loncom/lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Fri Oct 26 13:49:19 EDT 2018
raeburn Fri Oct 26 17:49:19 2018 EDT
Added files:
/doc/install/linux/sles-suse/apache2.4 default-server.conf
sysconfig_apache2
Modified files:
/loncom/lonnet/perl lonnet.pm
/doc/install/linux install.pl
Log:
- Support SLES 15.
-------------- next part --------------
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.4 loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.5
--- loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.4 Mon Oct 16 17:41:33 2017
+++ loncom/lonnet/perl/lonnet.pm Wed Nov 1 03:29:37 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1172.2.93.4.4 2017/10/16 17:41:33 raeburn Exp $
+# $Id: lonnet.pm,v 1.1172.2.93.4.5 2017/11/01 03:29:37 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3443,12 +3443,12 @@
'_'.$env{'user.domain'}.'/pending';
} elsif (($context eq 'existingfile') || ($context eq 'canceloverwrite')) {
my ($docuname,$docudom);
- if ($destudom) {
+ if ($destudom =~ /^$match_domain$/) {
$docudom = $destudom;
} else {
$docudom = $env{'user.domain'};
}
- if ($destuname) {
+ if ($destuname =~ /^$match_username$/) {
$docuname = $destuname;
} else {
$docuname = $env{'user.name'};
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.48 doc/install/linux/install.pl:1.49
--- doc/install/linux/install.pl:1.48 Tue Oct 16 17:23:08 2018
+++ doc/install/linux/install.pl Fri Oct 26 17:49:14 2018
@@ -77,7 +77,7 @@
&mt('Stopping execution.')."\n";
exit;
} else {
- print LOG '$Id: install.pl,v 1.48 2018/10/16 17:23:08 raeburn Exp $'."\n";
+ print LOG '$Id: install.pl,v 1.49 2018/10/26 17:49:14 raeburn Exp $'."\n";
}
#
@@ -164,7 +164,7 @@
}
sub get_distro {
- my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow);
+ my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);
$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';
if (-e '/etc/redhat-release') {
open(IN,'</etc/redhat-release');
@@ -209,6 +209,7 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/redhat-release')."\n";
+ $unknown = 1;
}
} elsif (-e '/etc/SuSE-release') {
open(IN,'</etc/SuSE-release');
@@ -235,19 +236,19 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/SuSE-release')."\n";
+ $unknown = 1;
}
} elsif (-e '/etc/issue') {
open(IN,'</etc/issue');
my $versionstring=<IN>;
chomp($versionstring);
close(IN);
- $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
- $updatecmd = 'apt-get install loncapa-prerequisites';
if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) {
$distro = 'ubuntu'.$1;
$updatecmd = 'sudo apt-get install loncapa-prerequisites';
} elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) {
$distro = 'debian'.$1;
+ $updatecmd = 'apt-get install loncapa-prerequisites';
} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');
my $version=<IN>;
@@ -255,13 +256,15 @@
close(IN);
if ($version =~ /^(\d+)\.\d+\.?\d*/) {
$distro='debian'.$1;
+ $updatecmd = 'apt-get install loncapa-prerequisites';
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";
+ $unknown = 1;
}
- } else {
- print &mt('Unable to interpret [_1] to determine system type.',
- '/etc/issue')."\n";
+ }
+ if ($distro ne '') {
+ $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
}
} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');
@@ -275,9 +278,38 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";
+ $unknown = 1;
+ }
+ }
+ if (($distro eq '') && (!$unknown)) {
+ if (-e '/etc/os-release') {
+ if (open(IN,'<','/etc/os-release')) {
+ my ($id,$version);
+ while(<IN>) {
+ chomp();
+ if (/^ID="(\w+)"/) {
+ $id=$1;
+ } elsif (/^VERSION_ID="([\d\.]+)"/) {
+ $version=$1;
+ }
+ }
+ close(IN);
+ if ($id eq 'sles') {
+ my ($major,$minor) = split(/\./,$version);
+ if ($major =~ /^\d+$/) {
+ $distro = $id.$major;
+ $updatecmd = 'zypper install LONCAPA-prerequisites';
+ }
+ }
+ }
+ if ($distro eq '') {
+ print &mt('Unable to interpret [_1] to determine system type.',
+ '/etc/os-release')."\n";
+ $unknown = 1;
+ }
+ } else {
+ print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}
- } else {
- print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}
return ($distro,$packagecmd,$updatecmd,$installnow);
}
@@ -381,12 +413,19 @@
print &mt('Failed to open: [_1], default locale not checked.',
'/etc/default/locale');
}
- } elsif ($distro =~ /^(suse|sles)/) {
- if (!open($fh,"</etc/sysconfig/language")) {
- print &mt('Failed to open: [_1], default locale not checked.',
- '/etc/sysconfig/language');
+ } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+ if (($1 eq 'sles') && ($2 >= 15)) {
+ if (!open($fh,"</etc/locale.conf")) {
+ print &mt('Failed to open: [_1], default locale not checked.',
+ '/etc/locale.conf');
+ }
+ } else {
+ if (!open($fh,"</etc/sysconfig/language")) {
+ print &mt('Failed to open: [_1], default locale not checked.',
+ '/etc/sysconfig/language');
+ }
+ $langvar = 'RC_LANG';
}
- $langvar = 'RC_LANG';
} elsif ($distro =~ /^fedora(\d+)/) {
if ($1 >= 18) {
if (!open($fh,"</etc/locale.conf")) {
@@ -562,6 +601,9 @@
$proc_owner = 'mysql';
$process = 'mysqld';
}
+ if ($1 >= 15) {
+ $mysqldaemon ='mariadb';
+ }
} elsif ($distro =~ /^suse(\d+)/) {
if ($1 >= 13) {
$use_systemctl = 1;
@@ -645,7 +687,12 @@
$uses_systemctl{'ntp'} = 1;
$uses_systemctl{'cups'} = 1;
$uses_systemctl{'memcached'} = 1;
- $daemon{'ntp'} = 'ntpd';
+ if (($name eq 'sles') && ($num >= 15)) {
+ $daemon{'ntp'} = 'chronyd';
+ $daemon{'mysql'} = 'mariadb';
+ } else {
+ $daemon{'ntp'} = 'ntpd';
+ }
}
}
}
@@ -775,7 +822,7 @@
} else {
$major = $version;
}
- if ($major > 10) {
+ if (($major > 10) && ($major <= 13)) {
if (&check_SuSEfirewall2_setup($instdir)) {
$needfix{'insserv'} = 1;
}
@@ -784,6 +831,43 @@
return (\%needfix,\%tostop,\%uses_systemctl);
}
+sub uses_firewalld {
+ my ($distro) = @_;
+ my ($inuse, $checkfirewalld);
+ if ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+ if (($1 eq 'sles') && ($2 >= 15)) {
+ $checkfirewalld = 1;
+ }
+ } elsif ($distro =~ /^fedora(\d+)$/) {
+ if ($1 >= 18) {
+ $checkfirewalld = 1;
+ }
+ } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) {
+ if ($1 >= 7) {
+ $checkfirewalld = 1;
+ }
+ }
+ if ($checkfirewalld) {
+ my ($loaded,$active);
+ if (open(PIPE,"systemctl status firewalld |")) {
+ while (<PIPE>) {
+ chomp();
+ if (/^\s*Loaded:\s+(\w+)/) {
+ $loaded = $1;
+ }
+ if (/^\s*Active\s+(\w+)/) {
+ $active = $1;
+ }
+ }
+ close(PIPE);
+ }
+ if (($loaded eq 'loaded') || ($active eq 'active')) {
+ $inuse = 1;
+ }
+ }
+ return $inuse;
+}
+
sub chkfirewall {
my ($distro) = @_;
my $configfirewall = 1;
@@ -793,25 +877,38 @@
);
my %activefw;
if (&firewall_is_active()) {
- my $iptables = &get_pathto_iptables();
- if ($iptables eq '') {
- print &mt('Firewall not checked as path to iptables not determined.')."\n";
+ if (&uses_firewalld($distro)) {
+ my %current;
+ if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+ my $svc = <PIPE>;
+ close(PIPE);
+ chomp($svc);
+ map { $current{$_} = 1; } (split(/\s+/,$svc));
+ }
+ if ($current{'http'} && $current{'https'}) {
+ $configfirewall = 0;
+ }
} else {
- my @fwchains = &get_fw_chains($iptables,$distro);
- if (@fwchains) {
- foreach my $service ('http','https') {
- foreach my $fwchain (@fwchains) {
- if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
- $activefw{$service} = 1;
- last;
+ my $iptables = &get_pathto_iptables();
+ if ($iptables eq '') {
+ print &mt('Firewall not checked as path to iptables not determined.')."\n";
+ } else {
+ my @fwchains = &get_fw_chains($iptables,$distro);
+ if (@fwchains) {
+ foreach my $service ('http','https') {
+ foreach my $fwchain (@fwchains) {
+ if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
+ $activefw{$service} = 1;
+ last;
+ }
}
}
+ if ($activefw{'http'}) {
+ $configfirewall = 0;
+ }
+ } else {
+ print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}
- if ($activefw{'http'}) {
- $configfirewall = 0;
- }
- } else {
- print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}
}
} else {
@@ -874,16 +971,21 @@
}
}
}
- } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) {
+ } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+ my ($name,$version) = ($1,$2);
my $apache = 'apache';
- if ($1 >= 10) {
+ my $conf_file = "$instdir/sles-suse/default-server.conf";
+ if ($version >= 10) {
$apache = 'apache2';
}
- if (!-e "$instdir/sles-suse/default-server.conf") {
+ if (($name eq 'sles') && ($version >= 12)) {
+ $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+ }
+ if (!-e "$conf_file") {
$fixapache = 0;
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
- } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) {
- if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) {
+ } elsif (-e "/etc/$apache/default-server.conf") {
+ if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf |")) {
my $diffres = <PIPE>;
close(PIPE);
chomp($diffres);
@@ -1456,10 +1558,16 @@
sub firewall_is_active {
if (-e '/proc/net/ip_tables_names') {
- return 1;
- } else {
- return 0;
+ if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) {
+ my $status = <PIPE>;
+ close(PIPE);
+ chomp($status);
+ if ($status eq 'filter') {
+ return 1;
+ }
+ }
}
+ return 0;
}
sub get_fw_chains {
@@ -1475,6 +1583,8 @@
@posschains = ('ufw-user-input','INPUT');
} elsif ($distro =~ /^debian5/) {
@posschains = ('INPUT');
+ } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+ @posschains = ('IN_public');
} else {
@posschains = ('RH-Firewall-1-INPUT','INPUT');
if (!-e '/etc/sysconfig/iptables') {
@@ -1839,7 +1949,7 @@
if ($callsub{'apache'}) {
if ($distro =~ /^(suse|sles)/) {
- ©_apache2_suseconf($instdir,$hostname);
+ ©_apache2_suseconf($instdir,$hostname,$distro);
} elsif ($distro =~ /^(debian|ubuntu)/) {
©_apache2_debconf($instdir,$distro,$hostname);
} else {
@@ -1903,18 +2013,50 @@
}
}
}
- if ($distro =~ /^(suse|sles)/) {
- &update_SuSEfirewall2_setup($instdir);
+ if ($distro =~ /^(suse|sles)(\d+)/) {
+ unless(($1 eq 'sles') && ($2 >= 15)) {
+ &update_SuSEfirewall2_setup($instdir);
+ }
}
} else {
&print_and_log(&mt('Skipping setting override for start-up order of services.')."\n");
}
if ($callsub{'firewall'}) {
- if ($distro =~ /^(suse|sles)/) {
+ if (&uses_firewalld($distro)) {
+ my (%current,%added);
+ if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+ my $svc = <PIPE>;
+ close(PIPE);
+ chomp($svc);
+ map { $current{$_} = 1; } (split(/\s+/,$svc));
+ }
+ foreach my $service ('http','https') {
+ unless ($current{$service}) {
+ if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) {
+ my $result = <PIPE>;
+ if ($result =~ /^success/) {
+ $added{$service} = 1;
+ }
+ }
+ }
+ }
+ if (keys(%added) > 0) {
+ print &mt('Firewall configured to allow access for: [_1].',
+ join(', ',sort(keys(%added))))."\n";
+ }
+ if ($current{'http'} || $current{'https'}) {
+ print &mt('Firewall already configured to allow access for:[_1].',
+ (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";
+ }
+ unless ($current{'ssh'}) {
+ print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
+ 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
+ }
+ } elsif ($distro =~ /^(suse|sles)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',
'yast -- Security and Users -> Firewall -> Interfaces',
- 'ssh, http, https')."\n";
+ 'ssh, http, https')."\n";
} elsif ($distro =~ /^(debian|ubuntu)(\d+)/) {
if (($1 eq 'ubuntu') || ($2 > 5)) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',
@@ -2242,7 +2384,7 @@
}
if ($usesauth) {
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",
- "ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
+ "ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
} elsif ($hasauthcol) {
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");
} else {
@@ -2329,7 +2471,7 @@
sub new_mysql_rootpasswd {
my ($currmysqlpass,$usesauth) = @_;
if ($usesauth) {
- return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
+ return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",
"FLUSH PRIVILEGES;");
} else {
return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')",
@@ -2929,14 +3071,19 @@
###########################################################
sub copy_apache2_suseconf {
- my ($instdir,$hostname) = @_;
+ my ($instdir,$hostname,$distro) = @_;
+ my ($name,$version) = ($distro =~ /^(suse|sles)([\d\.]+)$/);
+ my $conf_file = "$instdir/sles-suse/default-server.conf";
+ if (($name eq 'sles') && ($version >= 12)) {
+ $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+ }
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',
"'default-server.conf'",
"'/etc/apache2/default-server.conf'")."\n");
if (!-e "/etc/apache2/default-server.conf.original") {
copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";
}
- copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf";
+ copy $conf_file,"/etc/apache2/default-server.conf";
chmod(0444,"/etc/apache2/default-server.conf");
# Make symlink for conf directory (included in loncapa_apache.conf)
my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');
@@ -2947,7 +3094,7 @@
&print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n");
}
©_apache2_conf_files($instdir);
- ©_sysconfig_apache2_file($instdir);
+ ©_sysconfig_apache2_file($instdir,$name,$version);
print_and_log("\n");
}
@@ -2973,12 +3120,16 @@
##
###############################################
sub copy_sysconfig_apache2_file {
- my ($instdir) = @_;
+ my ($instdir,$name,$version) = @_;
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n");
if (!-e "/etc/sysconfig/apache2.original") {
copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";
}
- copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2";
+ my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2";
+ if (($name eq 'sles') && ($version >= 12)) {
+ $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2";
+ }
+ copy "$sysconf_file","/etc/sysconfig/apache2";
chmod(0444,"/etc/sysconfig/apache2");
}
Index: doc/install/linux/sles-suse/apache2.4/default-server.conf
+++ doc/install/linux/sles-suse/apache2.4/default-server.conf
#
# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.
#
DocumentRoot "/home/httpd/html"
#
# Configure the DocumentRoot
#
<Directory "/home/httpd/html">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
# NOTE: For directories where RewriteRule is used, FollowSymLinks
# or SymLinksIfOwnerMatch needs to be set in Options directive.
Options None
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# Aliases: aliases can be added as needed (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
#ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "/home/httpd/cgi-bin/">
# AllowOverride None
# Options +ExecCGI -Includes
# <IfModule !mod_access_compat.c>
# Require all granted
# </IfModule>
# <IfModule mod_access_compat.c>
# Order allow,deny
# Allow from all
# </IfModule>
#</Directory>
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot simply be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
UserDir public_html
# The actual configuration of the directory is in
# /etc/apache2/mod_userdir.conf.
Include /etc/apache2/mod_userdir.conf
# You can, however, change the ~ if you find it awkward, by mapping e.g.
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
</IfModule>
# Include all *.conf files from /etc/apache2/conf.d/.
#
# This is mostly meant as a place for other RPM packages to drop in their
# configuration snippet.
#
# You can comment this out here if you want those bits include only in a
# certain virtual host, but not here.
#
#IncludeOptional /etc/apache2/conf.d/*.conf
# The manual... if it is installed ('?' means it won't complain)
#IncludeOptional /etc/apache2/conf.d/apache2-manual?conf
Include /etc/apache2/loncapa_apache.conf
Index: doc/install/linux/sles-suse/apache2.4/sysconfig_apache2
+++ doc/install/linux/sles-suse/apache2.4/sysconfig_apache2
## Path: Network/WWW/Apache2
## Description: Configuration for Apache 2
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Here you can name files, separated by spaces, that should be Include'd from
# httpd.conf.
#
# This allows you to add e.g. VirtualHost statements without touching
# /etc/apache2/httpd.conf itself, which makes upgrading easier.
#
APACHE_CONF_INCLUDE_FILES=""
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Here you can name directories, separated by spaces, that should be Include'd
# from httpd.conf.
#
# All files contained in these directories will be recursively included by apache.
# If a pattern like *.conf is appended, apache will use it.
#
# Examples: "/etc/apache2/my_conf/"
# "/etc/apache2/virtual_hosts/*.conf"
# "local/*.conf /srv/www/virtual/"
#
APACHE_CONF_INCLUDE_DIRS=""
## Type: string
## Default: "actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
## ServiceRestart: apache2
#
# [It might look silly to not simply edit httpd.conf for the LoadModule statements.
# However, since the LoadModule statements might need an absolute path to the modules,
# switching between MPMs can be quite a hassle. It's easier to just give the names here.]
#
# * list of all modules shipped with the base distribution:
# see /usr/lib64/apache2-$MPM
# see http://httpd.apache.org/docs/2.4/mod/ !
#
# * It pays to use IfDefine statements... like
# <IfModule mod_xyz.c>
# ....
# </IfModule>
#
# * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax.
# You may also name an absolute path if you like.
#
# * NOTES ON SSL:
# 1. Before you can use mod_ssl, you need a server certificate.
# A test certificate can be created by entering e. g.
#
# $ gensslcert -n a.com
#
# See gensslcert -h for or gensslcert script itself for details.
# 2. Also, you need to set the ServerName inside the <VirtualHost _default_:443>
# block to the fully qualified domain name (see /etc/HOSTNAME).
# 3. If your server certificate is protected by a passphrase you should increase the
# APACHE_START_TIMEOUT (see above)
# 4. Consider to load also socache_shmcb module, see
# http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache
# for details.
# 5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS
# below.
#
# * modules listed here will be ignored if they are not installed
#
#
# EXAMPLES:
#
# fairly minimal
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
#
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
# your settings
APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires headers include ldap log_config mime negotiation perl rewrite setenvif ssl socache_shmcb userdir reqtimeout"
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Additional server flags:
#
# Put here any server flags ("Defines") that you want to hand over to
# httpd at start time, or other command line flags.
#
# Background: Any directives within an <IfDefine flag>...</IfDefine>
# section are only processed if the flag is defined.
# This allows to write configuration which is active only in a
# special cases, like during server maintenance, or for testing
# something temporarily.
#
# Notably, to enable ssl support, 'SSL' needs to be added here.
# To enable the server-status, 'STATUS' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
# "SSL HTTP2 STATUS AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS="SSL"
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Which config file do you want to use?
# (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting.
#
APACHE_HTTPD_CONF=""
## Type: list(prefork,worker,event,itk)
## Default: ""
## ServiceRestart: apache2
#
# MPM (multi-processing module) to use.
#
# Needed to determine with which MPM apache will run, as well as
# against which header files modules will be built.
#
# If not set, the system will simply pick one of the installed MPMs.
#
# The implementation of the logic is in /usr/share/apache2/find_mpm,
# a script which can be used standalone as well if needed.
#
APACHE_MPM="prefork"
## Type: string
## Default: ""
## ServiceReload: apache2
#
# email address of the server administrator (ServerAdmin directive)
# This address is added to the server's responses if APACHE_SERVERSIGNATURE
# is set to "email".
#
# If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is
# taken from /etc/HOSTNAME.
#
# Note that ServerAdmin directives inside VirtualHost statements are not
# changed, even not the one in the stock SSL virtual host block.
#
APACHE_SERVERADMIN=""
## Type: string
## Default: ""
## ServiceReload: apache2
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
APACHE_SERVERNAME=""
## Type: integer
## Default: 2
#
# timeout during server startup (seconds)
# after this time, the start script decides wether the httpd process started without error.
#
# Increase it, if you use mod_ssl and your certificate is passphrase protected!
#
APACHE_START_TIMEOUT="2"
## Type: list(on,off,email)
## Default: "on"
## ServiceReload: apache2
#
# Configures the footer on server-generated documents
# This correlates to the ServerSignature directive.
#
APACHE_SERVERSIGNATURE="off"
## Type: list(debug,info,notice,warn,error,crit,alert,emerg)
## Default: "warn"
## ServiceReload: apache2
#
# LogLevel: Control the number of messages logged to the error_log.
#
APACHE_LOGLEVEL="warn"
## Type: string
## Default: "/var/log/apache2/access_log combined"
## ServiceRestart: apache2
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrarywise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# Simply set it to empty, if you configure it yourself somewhere else.
#
# Examples:
#
# If you would like to have agent and referer logfiles:
#
# setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent"
# corresponds to
# CustomLog /var/log/apache2/referer_log referer
# CustomLog /var/log/apache2/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format):
#
# setting it to "/var/log/apache2/access_log combined"
# corresponds to
# CustomLog /var/log/apache2/access_log combined
#
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
## Type: list(On,Off,DNS)
## Default: "Off"
## ServiceReload: apache2
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
APACHE_USE_CANONICAL_NAME="off"
## Type: list(Major,Minor,Minimal,ProductOnly,OS,Full)
## Default: "OS"
## ServiceReload: apache2
#
# How much information the server response header field contains about the server.
# (installed modules, versions, etc.)
# see http://httpd.apache.org/docs/2.4/mod/core.html#servertokens
#
APACHE_SERVERTOKENS="Minimal"
## Type: list(on,off)
## Default: "off"
## ServiceReload: apache2
#
# If mod_status is used, include extended information about the server, like
# CPU usage, in the status report. It is a server-wide setting, and it can cost
# some performance!
#
APACHE_EXTENDED_STATUS="off"
More information about the LON-CAPA-cvs
mailing list