v0.0.2
This commit is contained in:
@@ -1,66 +0,0 @@
|
||||
ServerRoot "/etc/httpd"
|
||||
|
||||
# standard
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule logio_module modules/mod_logio.so
|
||||
LoadModule mime_magic_module modules/mod_mime_magic.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
||||
LoadModule cgi_module modules/mod_cgi.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
|
||||
# uncomment for htaccess
|
||||
LoadModule auth_basic_module modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module modules/mod_authn_core.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
|
||||
# ldap
|
||||
LoadModule auth_digest_module modules/mod_auth_digest.so
|
||||
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
|
||||
LoadModule ldap_module modules/mod_ldap.so
|
||||
|
||||
Listen 80
|
||||
User apache
|
||||
Group apache
|
||||
|
||||
ServerName git.eom.dev
|
||||
ServerAdmin admin@mail.eom.dev
|
||||
|
||||
ErrorLog "logs/error_log"
|
||||
LogLevel warn
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
CustomLog "logs/access_log" combined
|
||||
|
||||
AddHandler cgi-script .cgi
|
||||
AddDefaultCharset UTF-8
|
||||
TypesConfig /etc/mime.types
|
||||
MIMEMagicFile conf/magic
|
||||
EnableSendfile on
|
||||
|
||||
<Directory />
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
DocumentRoot "/var/www/htdocs/cgit"
|
||||
<Directory "/var/www/htdocs/cgit/">
|
||||
DirectoryIndex cgit.cgi
|
||||
AllowOverride All
|
||||
Options +ExecCGI -FollowSymLinks
|
||||
AuthType basic
|
||||
AuthName git
|
||||
AuthBasicProvider ldap
|
||||
AuthLDAPBindDN "cn=admin,dc=eom,dc=dev"
|
||||
AuthLDAPBindPassword "{{ ldap_admin_password }}"
|
||||
AuthLDAPURL "ldap://openldap/dc=eom,dc=dev?uid"
|
||||
Require valid-user
|
||||
</Directory>
|
||||
|
||||
<Files ".ht*">
|
||||
Require all denied
|
||||
</Files>
|
||||
|
||||
25
templates/httpd-auth.conf.j2
Normal file
25
templates/httpd-auth.conf.j2
Normal file
@@ -0,0 +1,25 @@
|
||||
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
|
||||
LoadModule ldap_module modules/mod_ldap.so
|
||||
|
||||
<LocationMatch "^/">
|
||||
AuthType basic
|
||||
AuthName OpenLDAP
|
||||
AuthBasicProvider ldap
|
||||
AuthLDAPBindDN "cn=admin,dc=eom,dc=dev"
|
||||
AuthLDAPBindPassword "{{ ldap_admin_password }}"
|
||||
AuthLDAPURL "ldap://openldap/dc=eom,dc=dev?uid"
|
||||
<RequireAny>
|
||||
Require method GET OPTIONS
|
||||
Require valid-user
|
||||
</RequireAny>
|
||||
</LocationMatch>
|
||||
|
||||
<LocationMatch "^/eric">
|
||||
AuthType basic
|
||||
AuthName OpenLDAP
|
||||
AuthBasicProvider ldap
|
||||
AuthLDAPBindDN "cn=admin,dc=eom,dc=dev"
|
||||
AuthLDAPBindPassword "{{ ldap_admin_password }}"
|
||||
AuthLDAPURL "ldap://openldap/dc=eom,dc=dev?uid??(uid=eric)"
|
||||
Require valid-user
|
||||
</LocationMatch>
|
||||
@@ -1,46 +0,0 @@
|
||||
#
|
||||
# Distributed authoring and versioning (WebDAV)
|
||||
#
|
||||
# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
|
||||
# mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
|
||||
# mod_setenvif
|
||||
|
||||
# The following example gives DAV write access to a directory called
|
||||
# "uploads" under the ServerRoot directory.
|
||||
#
|
||||
# The User/Group specified in httpd.conf needs to have write permissions
|
||||
# on the directory where the DavLockDB is placed and on any directory where
|
||||
# "Dav On" is specified.
|
||||
|
||||
DavLockDB "/usr/local/apache2/DavLock"
|
||||
|
||||
# Alias /uploads "/usr/local/apache2/uploads"
|
||||
|
||||
<Directory "/usr/local/apache2/htdocs">
|
||||
Dav On
|
||||
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
AuthType basic
|
||||
AuthName media
|
||||
AuthBasicProvider ldap
|
||||
AuthLDAPBindDN "cn=admin,dc=eom,dc=dev"
|
||||
AuthLDAPBindPassword "{{ ldap_admin_password }}"
|
||||
AuthLDAPURL "ldap://openldap/dc=eom,dc=dev?uid"
|
||||
Require valid-user
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# The following directives disable redirects on non-GET requests for
|
||||
# a directory that does not include the trailing slash. This fixes a
|
||||
# problem with several clients that do not appropriately handle
|
||||
# redirects for folders with DAV methods.
|
||||
#
|
||||
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
|
||||
BrowserMatch "MS FrontPage" redirect-carefully
|
||||
BrowserMatch "^WebDrive" redirect-carefully
|
||||
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
|
||||
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
|
||||
BrowserMatch "^XML Spy" redirect-carefully
|
||||
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
|
||||
BrowserMatch " Konqueror/4" redirect-carefully
|
||||
@@ -79,12 +79,12 @@ LoadModule authz_user_module modules/mod_authz_user.so
|
||||
#LoadModule authz_owner_module modules/mod_authz_owner.so
|
||||
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
|
||||
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
|
||||
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
|
||||
LoadModule access_compat_module modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module modules/mod_auth_basic.so
|
||||
#LoadModule auth_form_module modules/mod_auth_form.so
|
||||
LoadModule auth_digest_module modules/mod_auth_digest.so
|
||||
#LoadModule auth_digest_module modules/mod_auth_digest.so
|
||||
#LoadModule allowmethods_module modules/mod_allowmethods.so
|
||||
#LoadModule isapi_module modules/mod_isapi.so
|
||||
#LoadModule file_cache_module modules/mod_file_cache.so
|
||||
@@ -122,7 +122,7 @@ LoadModule filter_module modules/mod_filter.so
|
||||
#LoadModule proxy_html_module modules/mod_proxy_html.so
|
||||
#LoadModule brotli_module modules/mod_brotli.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule ldap_module modules/mod_ldap.so
|
||||
#LoadModule ldap_module modules/mod_ldap.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
#LoadModule log_debug_module modules/mod_log_debug.so
|
||||
#LoadModule log_forensic_module modules/mod_log_forensic.so
|
||||
@@ -238,7 +238,7 @@ ServerAdmin admin@mail.eom.dev
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
ServerName www.eom.dev:80
|
||||
ServerName {{ httpd_server_name }}:80
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@@ -288,13 +288,7 @@ DocumentRoot "/usr/local/apache2/htdocs"
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
AuthType basic
|
||||
AuthName www
|
||||
AuthBasicProvider ldap
|
||||
AuthLDAPBindDN "cn=admin,dc=eom,dc=dev"
|
||||
AuthLDAPBindPassword "{{ ldap_admin_password }}"
|
||||
AuthLDAPURL "ldap://openldap/dc=eom,dc=dev?uid"
|
||||
Require valid-user
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
#
|
||||
@@ -538,6 +532,10 @@ LogLevel warn
|
||||
# Various default settings
|
||||
#Include conf/extra/httpd-default.conf
|
||||
|
||||
{% for config in httpd_conf_extra %}
|
||||
Include conf/{{ config }}
|
||||
{% endfor %}
|
||||
|
||||
# Configure mod_proxy_html to understand HTML4/XHTML1
|
||||
<IfModule proxy_html_module>
|
||||
Include conf/extra/proxy-html.conf
|
||||
Reference in New Issue
Block a user