[LON-CAPA-cvs] cvs: doc /install/linux install.pl /install/linux/sles-suse/apache2.4 default-server.conf sysconfig_apache2 loncom/lonnet/perl lonnet.pm

raeburn raeburn at source.lon-capa.org
Fri Oct 26 13:49:19 EDT 2018


raeburn		Fri Oct 26 17:49:19 2018 EDT

  Added files:                 
    /doc/install/linux/sles-suse/apache2.4	default-server.conf 
                                          	sysconfig_apache2 

  Modified files:              
    /loncom/lonnet/perl	lonnet.pm 
    /doc/install/linux	install.pl 
  Log:
  - Support SLES 15.
  
  
-------------- next part --------------
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.4 loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.5
--- loncom/lonnet/perl/lonnet.pm:1.1172.2.93.4.4	Mon Oct 16 17:41:33 2017
+++ loncom/lonnet/perl/lonnet.pm	Wed Nov  1 03:29:37 2017
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1172.2.93.4.4 2017/10/16 17:41:33 raeburn Exp $
+# $Id: lonnet.pm,v 1.1172.2.93.4.5 2017/11/01 03:29:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -3443,12 +3443,12 @@
                          '_'.$env{'user.domain'}.'/pending';
         } elsif (($context eq 'existingfile') || ($context eq 'canceloverwrite')) {
             my ($docuname,$docudom);
-            if ($destudom) {
+            if ($destudom =~ /^$match_domain$/) {
                 $docudom = $destudom;
             } else {
                 $docudom = $env{'user.domain'};
             }
-            if ($destuname) {
+            if ($destuname =~ /^$match_username$/) {
                 $docuname = $destuname;
             } else {
                 $docuname = $env{'user.name'};
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.48 doc/install/linux/install.pl:1.49
--- doc/install/linux/install.pl:1.48	Tue Oct 16 17:23:08 2018
+++ doc/install/linux/install.pl	Fri Oct 26 17:49:14 2018
@@ -77,7 +77,7 @@
           &mt('Stopping execution.')."\n";
     exit;
 } else {
-    print LOG '$Id: install.pl,v 1.48 2018/10/16 17:23:08 raeburn Exp $'."\n";
+    print LOG '$Id: install.pl,v 1.49 2018/10/26 17:49:14 raeburn Exp $'."\n";
 }
 
 #
@@ -164,7 +164,7 @@
 }
 
 sub get_distro {
-    my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow);
+    my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);
     $packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';
     if (-e '/etc/redhat-release') {
         open(IN,'</etc/redhat-release');
@@ -209,6 +209,7 @@
         } else {
             print &mt('Unable to interpret [_1] to determine system type.',
                       '/etc/redhat-release')."\n";
+            $unknown = 1;
         }
     } elsif (-e '/etc/SuSE-release') {
         open(IN,'</etc/SuSE-release');
@@ -235,19 +236,19 @@
         } else {
             print &mt('Unable to interpret [_1] to determine system type.',
                       '/etc/SuSE-release')."\n";
+            $unknown = 1;
         }
     } elsif (-e '/etc/issue') {
         open(IN,'</etc/issue');
         my $versionstring=<IN>;
         chomp($versionstring);
         close(IN);
-        $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
-        $updatecmd = 'apt-get install loncapa-prerequisites';
         if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) {
             $distro = 'ubuntu'.$1;
             $updatecmd = 'sudo apt-get install loncapa-prerequisites';
         } elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) {
             $distro = 'debian'.$1;
+            $updatecmd = 'apt-get install loncapa-prerequisites';
         } elsif (-e '/etc/debian_version') {
             open(IN,'</etc/debian_version');
             my $version=<IN>;
@@ -255,13 +256,15 @@
             close(IN);
             if ($version =~ /^(\d+)\.\d+\.?\d*/) {
                 $distro='debian'.$1;
+                $updatecmd = 'apt-get install loncapa-prerequisites';
             } else {
                 print &mt('Unable to interpret [_1] to determine system type.',
                           '/etc/debian_version')."\n";
+                $unknown = 1;
             }
-        } else {
-            print &mt('Unable to interpret [_1] to determine system type.',
-                      '/etc/issue')."\n";
+        }
+        if ($distro ne '') {
+            $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
         }
     } elsif (-e '/etc/debian_version') {
         open(IN,'</etc/debian_version');
@@ -275,9 +278,38 @@
         } else {
             print &mt('Unable to interpret [_1] to determine system type.',
                       '/etc/debian_version')."\n";
+            $unknown = 1;
+        }
+    }
+    if (($distro eq '') && (!$unknown)) {
+        if (-e '/etc/os-release') {
+            if (open(IN,'<','/etc/os-release')) {
+                my ($id,$version);
+                while(<IN>) {
+                    chomp();
+                    if (/^ID="(\w+)"/) {
+                        $id=$1;
+                    } elsif (/^VERSION_ID="([\d\.]+)"/) {
+                        $version=$1;
+                    }
+                }
+                close(IN);
+                if ($id eq 'sles') {
+                    my ($major,$minor) = split(/\./,$version);
+                    if ($major =~ /^\d+$/) {
+                        $distro = $id.$major;
+                        $updatecmd = 'zypper install LONCAPA-prerequisites';
+                    }
+                }
+            }
+            if ($distro eq '') {
+                print &mt('Unable to interpret [_1] to determine system type.',
+                          '/etc/os-release')."\n";
+                $unknown = 1;
+            }
+        } else {
+            print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
         }
-    } else {
-        print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
     }
     return ($distro,$packagecmd,$updatecmd,$installnow);
 }
@@ -381,12 +413,19 @@
             print &mt('Failed to open: [_1], default locale not checked.',
                       '/etc/default/locale');
         }
-    } elsif ($distro =~ /^(suse|sles)/) {
-        if (!open($fh,"</etc/sysconfig/language")) {
-            print &mt('Failed to open: [_1], default locale not checked.',
-                      '/etc/sysconfig/language');
+    } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+        if (($1 eq 'sles') && ($2 >= 15)) {
+            if (!open($fh,"</etc/locale.conf")) {
+                print &mt('Failed to open: [_1], default locale not checked.',
+                          '/etc/locale.conf');
+            }
+        } else {
+            if (!open($fh,"</etc/sysconfig/language")) {
+                print &mt('Failed to open: [_1], default locale not checked.',
+                          '/etc/sysconfig/language');
+            }
+            $langvar = 'RC_LANG';
         }
-        $langvar = 'RC_LANG';
     } elsif ($distro =~ /^fedora(\d+)/) {
         if ($1 >= 18) {
             if (!open($fh,"</etc/locale.conf")) {
@@ -562,6 +601,9 @@
             $proc_owner = 'mysql';
             $process = 'mysqld';
         }
+        if ($1 >= 15) {
+            $mysqldaemon ='mariadb';
+        }
     } elsif ($distro =~ /^suse(\d+)/) {
         if ($1 >= 13) {
             $use_systemctl = 1;
@@ -645,7 +687,12 @@
                     $uses_systemctl{'ntp'} = 1;
                     $uses_systemctl{'cups'} = 1;
                     $uses_systemctl{'memcached'} = 1;
-                    $daemon{'ntp'} = 'ntpd';
+                    if (($name eq 'sles') && ($num >= 15)) {
+                        $daemon{'ntp'} = 'chronyd';
+                        $daemon{'mysql'} = 'mariadb';
+                    } else {
+                        $daemon{'ntp'} = 'ntpd';
+                    }
                 }
             }
         }
@@ -775,7 +822,7 @@
         } else {
             $major = $version;
         }
-        if ($major > 10) {
+        if (($major > 10) && ($major <= 13)) {
             if (&check_SuSEfirewall2_setup($instdir)) {
                 $needfix{'insserv'} = 1;
             }
@@ -784,6 +831,43 @@
     return (\%needfix,\%tostop,\%uses_systemctl);
 }
 
+sub uses_firewalld {
+    my ($distro) = @_;
+    my ($inuse, $checkfirewalld);
+    if ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+        if (($1 eq 'sles') && ($2 >= 15)) {
+            $checkfirewalld = 1;
+        }
+    } elsif ($distro =~ /^fedora(\d+)$/) {
+        if ($1 >= 18) {
+            $checkfirewalld = 1;
+        }
+    } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) {
+        if ($1 >= 7) {
+            $checkfirewalld = 1;
+        }
+    }
+    if ($checkfirewalld) {
+        my ($loaded,$active);
+        if (open(PIPE,"systemctl status firewalld |")) {
+            while (<PIPE>) {
+                chomp();
+                if (/^\s*Loaded:\s+(\w+)/) {
+                    $loaded = $1;
+                }
+                if (/^\s*Active\s+(\w+)/) {
+                    $active = $1;
+                }
+            }
+            close(PIPE);
+        }
+        if (($loaded eq 'loaded') || ($active eq 'active')) {
+            $inuse = 1;
+        }
+    }
+    return $inuse;
+}
+
 sub chkfirewall {
     my ($distro) = @_;
     my $configfirewall = 1;
@@ -793,25 +877,38 @@
                 );
     my %activefw;
     if (&firewall_is_active()) {
-        my $iptables = &get_pathto_iptables();
-        if ($iptables eq '') {
-            print &mt('Firewall not checked as path to iptables not determined.')."\n";
+        if (&uses_firewalld($distro)) {
+            my %current;
+            if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+                my $svc = <PIPE>;
+                close(PIPE);
+                chomp($svc);
+                map { $current{$_} = 1; } (split(/\s+/,$svc));
+            }
+            if ($current{'http'} && $current{'https'}) {
+                $configfirewall = 0;
+            }
         } else {
-            my @fwchains = &get_fw_chains($iptables,$distro);
-            if (@fwchains) {
-                foreach my $service ('http','https') {
-                    foreach my $fwchain (@fwchains) {
-                        if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
-                            $activefw{$service} = 1;
-                            last;
+            my $iptables = &get_pathto_iptables();
+            if ($iptables eq '') {
+                print &mt('Firewall not checked as path to iptables not determined.')."\n";
+            } else {
+                my @fwchains = &get_fw_chains($iptables,$distro);
+                if (@fwchains) {
+                    foreach my $service ('http','https') {
+                        foreach my $fwchain (@fwchains) {
+                            if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
+                                $activefw{$service} = 1;
+                                last;
+                            }
                         }
                     }
+                    if ($activefw{'http'}) {
+                        $configfirewall = 0;
+                    }
+                } else {
+                    print &mt('Firewall not checked as iptables Chains not identified.')."\n";
                 }
-                if ($activefw{'http'}) {
-                    $configfirewall = 0;
-                }
-            } else {
-                print &mt('Firewall not checked as iptables Chains not identified.')."\n";
             }
         }
     } else {
@@ -874,16 +971,21 @@
                 }
             }
         }
-    } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) {
+    } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+        my ($name,$version) = ($1,$2);
         my $apache = 'apache';
-        if ($1 >= 10) {
+        my $conf_file = "$instdir/sles-suse/default-server.conf"; 
+        if ($version >= 10) {
             $apache = 'apache2';
         }
-        if (!-e "$instdir/sles-suse/default-server.conf") {
+        if (($name eq 'sles') && ($version >= 12)) {
+            $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+        }
+        if (!-e "$conf_file") {
             $fixapache = 0;
             print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
-        } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) {
-            if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) {
+        } elsif (-e "/etc/$apache/default-server.conf") {
+            if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf |")) {
                 my $diffres = <PIPE>;
                 close(PIPE);
                 chomp($diffres);
@@ -1456,10 +1558,16 @@
 
 sub firewall_is_active {
     if (-e '/proc/net/ip_tables_names') {
-        return 1;
-    } else {
-        return 0;
+        if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) {
+            my $status = <PIPE>;
+            close(PIPE);
+            chomp($status);
+            if ($status eq 'filter') {
+                return 1;
+            }
+        }
     }
+    return 0;
 }
 
 sub get_fw_chains {
@@ -1475,6 +1583,8 @@
             @posschains = ('ufw-user-input','INPUT');
         } elsif ($distro =~ /^debian5/) {
             @posschains = ('INPUT');
+        } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+            @posschains = ('IN_public');
         } else {
             @posschains = ('RH-Firewall-1-INPUT','INPUT');
             if (!-e '/etc/sysconfig/iptables') {
@@ -1839,7 +1949,7 @@
 
 if ($callsub{'apache'}) {
     if ($distro =~ /^(suse|sles)/) {
-        &copy_apache2_suseconf($instdir,$hostname);
+        &copy_apache2_suseconf($instdir,$hostname,$distro);
     } elsif ($distro =~ /^(debian|ubuntu)/) {
         &copy_apache2_debconf($instdir,$distro,$hostname);
     } else {
@@ -1903,18 +2013,50 @@
             }  
         }
     }
-    if ($distro =~ /^(suse|sles)/) {
-        &update_SuSEfirewall2_setup($instdir);
+    if ($distro =~ /^(suse|sles)(\d+)/) {
+        unless(($1 eq 'sles') && ($2 >= 15)) {
+            &update_SuSEfirewall2_setup($instdir);
+        }
     }
 } else {
     &print_and_log(&mt('Skipping setting override for start-up order of services.')."\n");
 }
 
 if ($callsub{'firewall'}) {
-    if ($distro =~ /^(suse|sles)/) {
+    if (&uses_firewalld($distro)) {
+        my (%current,%added);
+        if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+            my $svc = <PIPE>;
+            close(PIPE);
+            chomp($svc);
+            map { $current{$_} = 1; } (split(/\s+/,$svc));
+        }
+        foreach my $service ('http','https') {
+            unless ($current{$service}) {
+                if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) {
+                    my $result = <PIPE>;
+                    if ($result =~ /^success/) {
+                        $added{$service} = 1;
+                    }
+                }
+            }
+        }
+        if (keys(%added) > 0) {
+            print &mt('Firewall configured to allow access for: [_1].',
+                      join(', ',sort(keys(%added))))."\n";
+        }
+        if ($current{'http'} || $current{'https'}) {
+            print &mt('Firewall already configured to allow access for:[_1].',
+                      (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";
+        }
+        unless ($current{'ssh'}) {
+            print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
+                  'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
+        }
+    } elsif ($distro =~ /^(suse|sles)/) {
         print &mt('Use [_1] to configure the firewall to allow access for [_2].',
                   'yast -- Security and Users -> Firewall -> Interfaces',
-                   'ssh, http, https')."\n";
+                  'ssh, http, https')."\n";
     } elsif ($distro =~ /^(debian|ubuntu)(\d+)/) {
         if (($1 eq 'ubuntu') || ($2 > 5)) {
             print &mt('Use [_1] to configure the firewall to allow access for [_2].',
@@ -2242,7 +2384,7 @@
     }
     if ($usesauth) {
         @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",
-                         "ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
+                         "ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
     } elsif ($hasauthcol) {
         @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");
     } else {
@@ -2329,7 +2471,7 @@
 sub new_mysql_rootpasswd {
     my ($currmysqlpass,$usesauth) = @_;
     if ($usesauth) {
-        return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
+        return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",
                 "FLUSH PRIVILEGES;");
     } else {
         return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')",
@@ -2929,14 +3071,19 @@
 ###########################################################
 
 sub copy_apache2_suseconf {
-    my ($instdir,$hostname) = @_;
+    my ($instdir,$hostname,$distro) = @_;
+    my ($name,$version) = ($distro =~ /^(suse|sles)([\d\.]+)$/);
+    my $conf_file = "$instdir/sles-suse/default-server.conf";
+    if (($name eq 'sles') && ($version >= 12)) {
+        $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+    }
     print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',
                   "'default-server.conf'",
                   "'/etc/apache2/default-server.conf'")."\n");
     if (!-e "/etc/apache2/default-server.conf.original") {
         copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";
     }
-    copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf";
+    copy $conf_file,"/etc/apache2/default-server.conf";
     chmod(0444,"/etc/apache2/default-server.conf");
     # Make symlink for conf directory (included in loncapa_apache.conf)
     my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');
@@ -2947,7 +3094,7 @@
         &print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n");
     }
     &copy_apache2_conf_files($instdir);
-    &copy_sysconfig_apache2_file($instdir); 
+    &copy_sysconfig_apache2_file($instdir,$name,$version); 
     print_and_log("\n");
 }
 
@@ -2973,12 +3120,16 @@
 ##
 ###############################################
 sub copy_sysconfig_apache2_file {
-    my ($instdir) = @_;
+    my ($instdir,$name,$version) = @_;
     print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n");
     if (!-e "/etc/sysconfig/apache2.original") {
         copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";
     }
-    copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2";
+    my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2";
+    if (($name eq 'sles') && ($version >= 12)) {
+       $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2";
+    }
+    copy "$sysconf_file","/etc/sysconfig/apache2";
     chmod(0444,"/etc/sysconfig/apache2");
 }
 

Index: doc/install/linux/sles-suse/apache2.4/default-server.conf
+++ doc/install/linux/sles-suse/apache2.4/default-server.conf
#
# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.
# 

DocumentRoot "/home/httpd/html"

#
# Configure the DocumentRoot
#
<Directory "/home/httpd/html">
	# Possible values for the Options directive are "None", "All",
	# or any combination of:
	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
	#
	# Note that "MultiViews" must be named *explicitly* --- "Options All"
	# doesn't give it to you.
	#
	# The Options directive is both complicated and important.  Please see
	# http://httpd.apache.org/docs/2.4/mod/core.html#options
	# for more information.
	# NOTE: For directories where RewriteRule is used, FollowSymLinks
	# or SymLinksIfOwnerMatch needs to be set in Options directive.
	Options None
	# AllowOverride controls what directives may be placed in .htaccess files.
	# It can be "All", "None", or any combination of the keywords:
	#   Options FileInfo AuthConfig Limit
	AllowOverride None
	# Controls who can get stuff from this server.
	<IfModule !mod_access_compat.c>
		Require all granted
	</IfModule>
	<IfModule mod_access_compat.c>
		Order allow,deny
		Allow from all
	</IfModule>
</Directory>

# Aliases: aliases can be added as needed (with no limit). The format is 
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL.  So "/icons" isn't aliased in this
# example, only "/icons/".  If the fakename is slash-terminated, then the 
# realname must also be slash terminated, and if the fakename omits the 
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings.  If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/apache2/icons/"

<Directory "/usr/share/apache2/icons">
	Options Indexes MultiViews
	AllowOverride None
	<IfModule !mod_access_compat.c>
		Require all granted
	</IfModule>
	<IfModule mod_access_compat.c>
		Order allow,deny
		Allow from all
	</IfModule>
</Directory>

# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
#ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"

# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "/home/httpd/cgi-bin/">
#	AllowOverride None
#	Options +ExecCGI -Includes
#	<IfModule !mod_access_compat.c>
#		Require all granted
#	</IfModule>
#	<IfModule mod_access_compat.c>
#		Order allow,deny
#		Allow from all
#	</IfModule>
#</Directory>

# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES 
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
	# Note that the name of the user directory ("public_html") cannot simply be
	# changed here, since it is a compile time setting. The apache package
	# would have to be rebuilt. You could work around by deleting
	# /usr/sbin/suexec, but then all scripts from the directories would be
	# executed with the UID of the webserver.
	UserDir public_html
	# The actual configuration of the directory is in
	# /etc/apache2/mod_userdir.conf.
	Include /etc/apache2/mod_userdir.conf
	# You can, however, change the ~ if you find it awkward, by mapping e.g.
	# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ 
	#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
</IfModule>


# Include all *.conf files from /etc/apache2/conf.d/.
#
# This is mostly meant as a place for other RPM packages to drop in their
# configuration snippet.
#
# You can comment this out here if you want those bits include only in a
# certain virtual host, but not here.
#
#IncludeOptional /etc/apache2/conf.d/*.conf

# The manual... if it is installed ('?' means it won't complain)
#IncludeOptional /etc/apache2/conf.d/apache2-manual?conf

Include /etc/apache2/loncapa_apache.conf


Index: doc/install/linux/sles-suse/apache2.4/sysconfig_apache2
+++ doc/install/linux/sles-suse/apache2.4/sysconfig_apache2
## Path:	Network/WWW/Apache2
## Description:	Configuration for Apache 2

## Type:	string
## Default:	""
## ServiceRestart: apache2
#
# Here you can name files, separated by spaces, that should be Include'd from 
# httpd.conf. 
#
# This allows you to add e.g. VirtualHost statements without touching 
# /etc/apache2/httpd.conf itself, which makes upgrading easier. 
#
APACHE_CONF_INCLUDE_FILES=""

## Type:	string
## Default:	""
## ServiceRestart: apache2
#
# Here you can name directories, separated by spaces, that should be Include'd 
# from httpd.conf. 
#
# All files contained in these directories will be recursively included by apache.
# If a pattern like *.conf is appended, apache will use it.
#
# Examples: "/etc/apache2/my_conf/"
#           "/etc/apache2/virtual_hosts/*.conf"
#           "local/*.conf /srv/www/virtual/"
#
APACHE_CONF_INCLUDE_DIRS=""

## Type:	string
## Default:	"actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
## ServiceRestart: apache2
#
# [It might look silly to not simply edit httpd.conf for the LoadModule statements.
# However, since the LoadModule statements might need an absolute path to the modules,
# switching between MPMs can be quite a hassle. It's easier to just give the names here.]
#
# * list of all modules shipped with the base distribution: 
#   see /usr/lib64/apache2-$MPM
#   see http://httpd.apache.org/docs/2.4/mod/ !
#
# * It pays to use IfDefine statements... like
#    <IfModule mod_xyz.c>
#        ....
#    </IfModule>
#
# * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax.
#   You may also name an absolute path if you like.
#
# * NOTES ON SSL: 
#   1. Before you can use mod_ssl, you need a server certificate. 
#      A test certificate can be created by entering e. g.
#
#      $ gensslcert -n a.com
#
#      See gensslcert -h for or gensslcert script itself for details.
#   2. Also, you need to set the ServerName inside the <VirtualHost _default_:443> 
#      block to the fully qualified domain name (see /etc/HOSTNAME).
#   3. If your server certificate is protected by a passphrase you should increase the
#      APACHE_START_TIMEOUT (see above)
#   4. Consider to load also socache_shmcb module, see
#      http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache
#      for details.
#   5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS 
#      below.
#
# * modules listed here will be ignored if they are not installed
#
#
# EXAMPLES:
#
# fairly minimal
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
#
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
# your settings
APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires headers include ldap log_config mime negotiation perl rewrite setenvif ssl socache_shmcb userdir reqtimeout"


## Type:	string
## Default:	""
## ServiceRestart: apache2
#
# Additional server flags:
#
# Put here any server flags ("Defines") that you want to hand over to 
# httpd at start time, or other command line flags.
#
# Background: Any directives within an <IfDefine flag>...</IfDefine>
#             section are only processed if the flag is defined.
#             This allows to write configuration which is active only in a
#             special cases, like during server maintenance, or for testing
#             something temporarily.
#
# Notably, to enable ssl support, 'SSL' needs to be added here.
# To enable the server-status, 'STATUS' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
#      "SSL HTTP2 STATUS AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS="SSL"

## Type:	string
## Default:	""
## ServiceRestart: apache2
#
# Which config file do you want to use?
# (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting.
#
APACHE_HTTPD_CONF=""

## Type:	list(prefork,worker,event,itk)
## Default:	""
## ServiceRestart: apache2
#
# MPM (multi-processing module) to use.
#
# Needed to determine with which MPM apache will run, as well as
# against which header files modules will be built. 
#
# If not set, the system will simply pick one of the installed MPMs.
#
# The implementation of the logic is in /usr/share/apache2/find_mpm,
# a script which can be used standalone as well if needed.
#
APACHE_MPM="prefork"

## Type:	string
## Default:	""
## ServiceReload: apache2
#
# email address of the server administrator (ServerAdmin directive)
# This address is added to the server's responses if APACHE_SERVERSIGNATURE 
# is set to "email". 
#
# If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is
# taken from /etc/HOSTNAME. 
#
# Note that ServerAdmin directives inside VirtualHost statements are not
# changed, even not the one in the stock SSL virtual host block. 
#
APACHE_SERVERADMIN=""

## Type:	string
## Default:	""
## ServiceReload: apache2
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work.  See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make 
# redirections work in a sensible way.
#
APACHE_SERVERNAME=""

## Type:	integer
## Default:	2
#
# timeout during server startup (seconds)
# after this time, the start script decides wether the httpd process started without error.
#
# Increase it, if you use mod_ssl and your certificate is passphrase protected!
#
APACHE_START_TIMEOUT="2"

## Type:	list(on,off,email)
## Default:	"on"
## ServiceReload: apache2
#
# Configures the footer on server-generated documents 
# This correlates to the ServerSignature directive. 
#
APACHE_SERVERSIGNATURE="off"

## Type:	list(debug,info,notice,warn,error,crit,alert,emerg)
## Default:	"warn"
## ServiceReload: apache2
#
# LogLevel: Control the number of messages logged to the error_log.
#
APACHE_LOGLEVEL="warn"

## Type:	string
## Default:	"/var/log/apache2/access_log combined"
## ServiceRestart: apache2
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here.  Contrarywise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# Simply set it to empty, if you configure it yourself somewhere else.
# 
# Examples:
#
# If you would like to have agent and referer logfiles:
#
# setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent"
#   corresponds to 
# CustomLog /var/log/apache2/referer_log referer
# CustomLog /var/log/apache2/agent_log   agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format):
#
# setting it to "/var/log/apache2/access_log combined"
#   corresponds to 
# CustomLog /var/log/apache2/access_log combined
#
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"

## Type:	list(On,Off,DNS)
## Default:	"Off"
## ServiceReload: apache2
#
# UseCanonicalName: Determines how Apache constructs self-referencing 
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client.  When set "On", Apache will use the value of the
# ServerName directive.
#
APACHE_USE_CANONICAL_NAME="off"

## Type:	list(Major,Minor,Minimal,ProductOnly,OS,Full)
## Default:	"OS"
## ServiceReload: apache2
#
# How much information the server response header field contains about the server.
# (installed modules, versions, etc.)
# see http://httpd.apache.org/docs/2.4/mod/core.html#servertokens
#
APACHE_SERVERTOKENS="Minimal"

## Type:	list(on,off)
## Default:	"off"
## ServiceReload: apache2
#
# If mod_status is used, include extended information about the server, like 
# CPU usage, in the status report. It is a server-wide setting, and it can cost
# some performance!
#
APACHE_EXTENDED_STATUS="off"


More information about the LON-CAPA-cvs mailing list