You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sander Temme <sc...@apache.org> on 2012/03/25 18:22:36 UTC
Re: [users@httpd] Suspicious URL:Re: [users@httpd] Problems in setting up a "HTTPS" based WebDAV server
Hi Soumendu,
On Mar 23, 2012, at 7:22 AM, Soumendu Bhattacharya wrote:
> Hi Ajay,
> The certificate which you have incorporated is a CA Certificate as its being complained by the web server. It’s not expecting a CA certificate but a RSA server certificate.
Apache works fine with a certificate that has the CA capability. It's not something you'd want for Production (segregation of duties is a good thing, and this should be expressed in the certificates you use), but it's fine for testing.
S.
> [Thu Mar 22 19:31:17 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>
>
> How did you generate this certificate ?
>
> Hope this helps.
>
> Regards
>
> Soumendu
>
> From: Ajay Garg [mailto:ajaygargnsit@gmail.com]
> Sent: Friday, March 23, 2012 7:44 PM
> To: Mathijs
> Cc: users@httpd.apache.org
> Subject: Suspicious URL:Re: [users@httpd] Problems in setting up a "HTTPS" based WebDAV server
>
> Posted a query to openssl mailing list as well.
>
>
> =========================== MESSAGE TO openssl BEGINS HERE ======================================
> Hi all.
>
> I have been trying lately to debug a startup issue in APACHE's httpd service; and the last logs I receive in "/etc/httpd/logs_error_log" is
>
> ##############################
> #######################################################################################
> [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> #####################################################################################################################
>
>
>
>
>
>
> As part of some desperate attempts, I downloaded source-rpms of "httpd" and "openssl", and tracked down the source from where error-emanates.
> Following is the code-snippet from "crypto/x509/x509_cmp.c"
>
> ######################################################################################################################
> int X509_check_private_key(X509 *x, EVP_PKEY *k)
> {
> EVP_PKEY *xk;
> int ret;
>
> xk=X509_get_pubkey(x);
>
> if (xk)
> ret = EVP_PKEY_cmp(xk, k);
> else
> ret = -2;
>
> switch (ret)
> {
> case 1:
> break;
> case 0:
> X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
> break;
> case -1:
> X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
> break;
> case -2:
> X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
> }
> if (xk)
> EVP_PKEY_free(xk);
> if (ret > 0)
> return 1;
> return 0;
> }
> ######################################################################################################################
>
> After the call to " ret = EVP_PKEY_cmp(xk, k);", 0 is being returned as return value.
>
> So, my query is ::
>
> _What do the parameters "X509 *x, EVP_PKEY *k" correspond to_ ?
>
>
> My guess is that "x" corresponds to a ".crt" file, while "k" corresponds to a "key" file.
> The values at my side are ::
>
>
>
> ssl.crt
> ---------
>
>
> #######################################################################################################################
> -----BEGIN CERTIFICATE-----
> MIICUDCCAbmgAwIBAgIJAOupq9QBcIRCMA0GCSqGSIb3DQEBBQUAMEExFjAUBgNV
> BAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZpdHlj
> ZW50cmFsLmNvbTAeFw0xMjAzMjIxNDAwMzVaFw0xMzAzMjIxNDAwMzVaMEExFjAU
> BgNVBAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZp
> dHljZW50cmFsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAntF9ouTD
> HNXB4k/phcTbyAp6EP0a3r6CjEGFrD424Yi8eeOgXCwo4s/hh9tadl/8uLxw50y+
> 0kQz+IGDCZMmfm3HjBgSM6E14Ju3exQE9VD+1W61FD2nwAXBNIXRUd01/E+OEk28
> 9nVHm7iSEsLOGEBjpbQnim3o0iBLsdAg/y8CAwEAAaNQME4wHQYDVR0OBBYEFOd+
> nLQpcOK2zq5+wZwf5uV2/UngMB8GA1UdIwQYMBaAFOd+nLQpcOK2zq5+wZwf5uV2
> /UngMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAUsx+2loW96Aq6fG5
> /TBx99Uwnf0p3b52RQ+99CQQj3MQqiuvvvkn1w3joGLK51Xc3sR7/T6bn5BR1vBk
> p2g/HmmAHZlTLOJeV9fEofyGf0/Gv7OqpO4NAtBfCd6crdrv3Q37SPppsQ0dkLOs
> wQAMLtx4u7QQWze0P7FPCAjE+ZQ=
> -----END CERTIFICATE-----
> #######################################################################################################################
>
>
>
>
>
> ssl.key
> ----------
>
> ########################################################################################################################
> -----BEGIN PRIVATE KEY-----
> MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAJ7RfaLkwxzVweJP
> 6YXE28gKehD9Gt6+goxBhaw+NuGIvHnjoFwsKOLP4YfbWnZf/Li8cOdMvtJEM/iB
> gwmTJn5tx4wYEjOhNeCbt3sUBPVQ/tVutRQ9p8AFwTSF0VHdNfxPjhJNvPZ1R5u4
> khLCzhhAY6W0J4pt6NIgS7HQIP8vAgMBAAECgYApRPrGx3dEGO/G5Ukjb6JE+yP5
> IixHUW4PED+yIICWXrfLXLEhAoClX6uVaBS7yfmb76vPDwxPC1YN72mjpU9NBmDt
> DxGloXEulrHyCtULykVfpWFxQ/sDgxyve7OhmDJPANELkyUKz4bCfcItML3jY3Si
> wyjfA/xyCmmOt1xOQQJBAMv5WDFqmk0r9HCM0RHaxxKvPtH37CJjtkzQMVacneZT
> 0gePS+pwmTTvh58h4vND+IBIfsVfrqFPRx9fXUKPstECQQDHU6r8pr8iFtmPe/Ka
> TiiZ/YsWEC9zcObn3os4iglwy/1RWDYTMmtQImm3LVbCtz+/vrM/TJdUShT1Bgxx
> vhH/AkAt8cpFx0deXqo+t9lX9jmlIcg6r2eHD4K+pp6Wbcy7VuIWRdbJxfccj1+z
> HoTqWsMc0jeL6dOCDkNs86QkHA4hAkA0QH6mVJ/uM8c8keV7Bdom5Aw98Gg//uzJ
> A9HDNIxdAVyaomEqjyEKlLrZxgzkZl1Tyo36nf1dnz33LWq9tnHJAkBO2h8KJbWh
> 9SzvU0xH9neKRVGRL7XppIVGrNOVKIok4zvm5I9SoC/3u9vbG+LtlBdbRKTn5s0E
> IvP7lBIUuBOg
> -----END PRIVATE KEY-----
> ########################################################################################################################
>
>
> So, is a return value of "0" expected for these?
>
>
> Looking forward to a reply.
>
>
> Thanks and Regards,
> Ajay
>
> =========================== MESSAGE TO openssl ENDS HERE ========================================
>
>
>
> Regards,
> Ajay
>
>
> On Thu, Mar 22, 2012 at 7:40 PM, Ajay Garg <aj...@gmail.com> wrote:
> Thanks Mathijs for the reply.
>
> 1)
> It's ok, I am just in the test-up phase; I have already generated new keys and certificates more than a dozen times :)
>
>
>
>
>
> 2)
> Thanks for the help.
> I used this command, and generated a new pair of keys and certificates (without a passphrase).
> As expected, I wasn't asked for any passphrase now, when starting "httpd"; however, the service showed "FAILED" at startup, and I got the same logs in "/etc/httpd/logs/error_log" as follows ::
>
> ################################################################################################################
> [Thu Mar 22 19:31:16 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
> [Thu Mar 22 19:31:16 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu Mar 22 19:31:16 2012] [notice] SSL FIPS mode disabled
> [Thu Mar 22 19:31:17 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Thu Mar 22 19:31:17 2012] [error] Unable to configure RSA server private key
> [Thu Mar 22 19:31:17 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> ################################################################################################################
>
>
>
> For brevity, here is the startup script output too ::
>
>
> ################################################################################################################
> [ajay@ajay certs]$ sudo service httpd start
> Starting httpd: [Thu Mar 22 19:31:16 2012] [warn] module ssl_module is already loaded, skipping
> [FAILED]
> ################################################################################################################
>
>
>
>
>
>
> 3) Mathijs, I think this is a step too far to consider at this point, as the service hasn't started as yet.
> Anyways, I have already made the following values are the same across all ::
>
> (i) "ServerName" in "/etc/httpd/conf/httpd.conf"
> (ii) "CN" in the certificate
>
>
> And sorry for kinda spamming the mailing list; but I had thought this might turn out to be first-time-newbie question.
> My heartlful apologies .. :(
>
> Finally, thanks for the irc link :)
>
>
>
> Sorry, Thanks and Regards,
> Ajay
>
>
>
>
> On Thu, Mar 22, 2012 at 6:31 PM, Mathijs <ma...@gmail.com> wrote:
> Hi and welcome to Apache,
>
> Some notes about your questions:
>
> 1) You probably shouldn't post private keys to public mailing lists
>
> 2) Try generating the self-signed key and certificate pair with this command:
> openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout ssl.key -out ssl.crt
> (No need for a passphrase either.)
>
> 3) The CN or Common Name in a SSL certificate should always match the Host header in the http request. You are setting the Common Name to 127.0.0.1 and accessing the server with 'localhost', which causes a mismatch.
>
> And finally, if you need urgent help, its often a better idea to join the apache httpd channel on irc (#httpd on irc.freenode.net) instead of repeatedly posting to the mailinglist.
>
> On Thu, Mar 22, 2012 at 1:45 PM, Ajay Garg <aj...@gmail.com> wrote:
> Ping .. :-)
>
> (On a serious note, I really need some help).
>
> Thanks and Regards,
> Ajay
>
>
> On Thu, Mar 22, 2012 at 10:14 AM, Ajay Garg <aj...@gmail.com> wrote:
> I came across talks wherein it was mentioned that there could be mismatches in the "modulus" and "public exponent" of "server.key" and "server.crt". I have done the tests (using "openssl" command), but both - "modulus" and "public exponent" appear to be the same.
>
> For brevity, I am posting the contents ::
>
> server.key ::
>
> ####################################################################################################################
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,06A5864C289A29E8133ECDC689F27D91
>
> PYvc38+2ReDk6ZrWBIkl6kkfFzob56ZXNMjcB/Iz0yHhKj2NI79h5wli+TLD30PP
> BdsFgF4GTjHuLseD80EulX1JpcfHWgGEL92/flO9eRpxUeu9UgE+BcMyxaa2q3HO
> mHgozrTf+GNRJ+r6ApNDVAGPv2ysf8t78nHvS16m4NuX01Asc6v9+3A5jpLgZ8L/
> /eXbE5OVCOgdU4pULrfRb79N2rcpfk9+dWKfHkAdFNpMLqK0tmyp/pzn/V9PDcQe
> 5L2xxTHnw3A9TZYwW3YG0buKeFLInt1w9ZRyJ81XfmsVtrcaZiwtNH2oEfwLtxVo
> rWDPGeIJbdPNRwCgsT8ysRFC8H6K47UN5EM95Fnn/SW/VuFo7nFtTDP73s9sJiwT
> P//PZbUxW1kAsj0KmWN70zfJIwZoQ2ar79r6aa4BS8buqumSuzVGJGEGzFD6CbuE
> 3YXnyflANuA8zvhS0x44+yqd+x2DQUb80S3tZebAyEakBqeGNQGbWwI2/VgA/mDL
> 5O8niB9wu4CoC6z4PIFlhER5Pwo5MrYVPLzmak8/Ouw2Vo+a9lRrmr6BiSTHReMr
> QZ3FMax+ZH8cWBzfd2/tp0uGu4kh0fik6JzPOY6wvOIvB6Q6nylOY0DiVkmEryt+
> z4BzpxweNd0jd6x68fl3ZfK7a9GYrUr33Dan7Z1VUZm9iuusOgIQ3IxEO74gAvOU
> +RabEs3VbeKCb9c32zAfYWnmZuqBgHRTKc0prSx/LANnjkG8VoMslXY0Uw4965Hd
> JPzQ5FGuKTK+21eLtPelMye2uXFmkzpsPi/8/2Zk91UmasuMoJWK1hlSiztEP3I7
> slbGdk2yJiC6JTCZltoAWVYH4Fr/QQasn36WwBnTTEgABXUsz+UqwIaSZK192L0Z
> yOTuxYNE4loc3cUcUDPT9e8T6L9X6qcvNMkkY4E/HdvGizXB1scb6X9+Xn3s2aTS
> cCO2udxWnBDJ21t7f8yVkRUt93dQ9JlLUEFgjWFkHkippj9N6PXE7aHnXt9LiUKs
> Ooc9iEZFIhxICw51t/NXmq/2seoV1GgwysYdTdXbN0b1C7PVP2Nsy12zpcNbyCPT
> XAqclsCGnBVU1FKA7Rjwua2uiPd05kE85pail6wRrMx0/8NnveVmQpVA1B5lcQb+
> EL2baH9MnDkuMB02UHi/x+s+qBEHKUBQ0x4zK0Fb7sxw9Hr5XejxkAfZj4vOSLem
> STajY7jcGNIcXlTkv4Uj2u065I+jiWzEI9DWZVU+AR0GnEXoTT5RzR+Dj15DjUYt
> UqawF4vXWZh9egaygNxx/PBGnSKjtUEW4mTb13xW/0ZV+WrMntFPG8JqZyZeMDPI
> 9gMW6PCr/KidIfDC8d0NRz1rWrSEVWqZ12UJJny0xvw3dnbvJ/T652iYo743owBl
> 8yIKHFBtLv5muBQ52AYrOrYlD8E55B+25jwoY7z/5Ct9kjxCMPWjRiGDdDJIkg3g
> y/LljDRLp4SFvLPAESJ6gepLPFOTuuAdiI3rQd94pTsGHCGLRamro1HW11bJ4nsk
> vPw+MDFHebycRrEHTryL5+DOrbuwo14KbQGQxbT4JC0lEx/5W7w0KwfOp5p1f3zm
> -----END RSA PRIVATE KEY-----
> ####################################################################################################################
>
>
>
>
> server.crt ::
>
> ####################################################################################################################
> -----BEGIN CERTIFICATE-----
> MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCSU4x
> DjAMBgNVBAgMBURlbGhpMQ4wDAYDVQQHDAVEZWxoaTEOMAwGA1UECgwFRGVsaGkx
> DjAMBgNVBAsMBURlbGhpMRIwEAYDVQQDDAkxMjcuMC4wLjExJTAjBgkqhkiG9w0B
> CQEWFmFqYXlnYXJnbnNpdEBnbWFpbC5jb20wHhcNMTIwMzIxMTMyMTUyWhcNMTMw
> MzIxMTMyMTUyWjCBiDELMAkGA1UEBhMCSU4xDjAMBgNVBAgMBURlbGhpMQ4wDAYD
> VQQHDAVEZWxoaTEOMAwGA1UECgwFRGVsaGkxDjAMBgNVBAsMBURlbGhpMRIwEAYD
> VQQDDAkxMjcuMC4wLjExJTAjBgkqhkiG9w0BCQEWFmFqYXlnYXJnbnNpdEBnbWFp
> bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU8htaaJnsOTPD
> AZQkNE7SHGvQ5RFsTqZOZeaNEV2F6LUqvK8ysmCnKVGE8F9+2we1I/W1bxNsx5f2
> 2ifd2u/pROOPzO0xhlJzWJmJy0xeIcWceMNXUDLXr2ix8+b6LCPbzsyEGbg6IQAE
> AyIMaFv3pA1nYjfEV9ntyF4SEkMgSQdCGfhqQY4ILvWoqbRZwQwKhPxzM6NXmPxW
> kxelx6QUAlAwjqgMaHI+Fa2dk6NNTk9GWB3QYN24Cw+kFGv9f2UkJQlQ0qiC8R+d
> Bh63oNdvZG5YR4QycqCFoPEdwcL2ak5hr8TfVx1sTA/75sswkKUrZYSrAbGgerN2
> KsSWu6utAgMBAAGjUDBOMB0GA1UdDgQWBBQGl2ejA7PJlpC2bwp9gP0NlOwEgDAf
> BgNVHSMEGDAWgBQGl2ejA7PJlpC2bwp9gP0NlOwEgDAMBgNVHRMEBTADAQH/MA0G
> CSqGSIb3DQEBBQUAA4IBAQA93Hkimjlm5g8j7+rZq4sfVhBO7Opx7IoMtkcrmClM
> AECUrzWnQfJoSWQCzW+Gaj9F/CXtQYKt0VnAdGD212CJ6dzhJR1UfTzwSVdzK4gl
> C0Q7YqLZMp7GrpTSOB1rwxNAQwuhcJWiOQP1dRJF8OqSu8ywE5y2hNeCTiXZlLlH
> p+RBxdtG30NJHDDoosx76fUVE4S2Ll3UKKBqXfrQmtF+QnHPEtSHk8cesVFymNU3
> WtQhiAy58RYoU24RX/AcvV/PfFcEpXAVVNndwuZkhV+9uD2NzvkxhcVUx0CDSy/J
> xdsjcda59LByv1K0J46hsWb5AuRbVos6u+O2CpcOj028
> -----END CERTIFICATE-----
> ####################################################################################################################
>
>
>
> Regards,
> Ajay
>
>
> On Wed, Mar 21, 2012 at 6:55 PM, Ajay Garg <aj...@gmail.com> wrote:
> Well, I looked into "/etc/httpd/logs/error_log", and found that were some errors related to server-name not matching (don't remember the exact statement). But even then the service startup showed "OK", which apparently is a misnomer.
>
> Anyways, I regenerated "server.key" and "server.crt" by ::
>
> ##################################################################################################################
> [ajay@ajay ~]$ cd /etc/ssl/certs/
> [ajay@ajay certs]$ ls
> localhost.crt make-dummy-cert Makefile server.crt server.key
> [ajay@ajay certs]$ pwd
> /etc/ssl/certs
> [ajay@ajay certs]$ sudo rm server.key
> [ajay@ajay certs]$ sudo rm server.crt
> [ajay@ajay certs]$ sudo make server.key
> umask 77 ; \
> /usr/bin/openssl genrsa -aes128 2048 > server.key
> Generating RSA private key, 2048 bit long modulus
> ...........................................................................................+++
> .........................................+++
> e is 65537 (0x10001)
> Enter pass phrase:
> Verifying - Enter pass phrase:
> [ajay@ajay certs]$ sudo make server.crt
> umask 77 ; \
> /usr/bin/openssl req -utf8 -new -key server.key -x509 -days 365 -out server.crt -set_serial 0
> Enter pass phrase for server.key:
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [XX]:IN
> State or Province Name (full name) []:Delhi
> Locality Name (eg, city) [Default City]:Delhi
> Organization Name (eg, company) [Default Company Ltd]:Delhi
> Organizational Unit Name (eg, section) []:Delhi
> Common Name (eg, your name or your server's hostname) []:127.0.0.1
> Email Address []:ajaygargnsit@gmail.com
> ##################################################################################################################
>
>
>
>
>
>
> I then tried to start "httpd" ::
>
> ##################################################################################################################
> [ajay@ajay certs]$ sudo service httpd start
> Starting httpd: [Wed Mar 21 18:52:00 2012] [warn] module ssl_module is already loaded, skipping
>
> Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
>
> Server 127.0.0.1:443 (RSA)
>
> Enter pass phrase:
>
> OK: Pass Phrase Dialog successful.
> [FAILED]
> ##################################################################################################################
>
>
>
>
>
>
>
>
> and "/etc/httpd/logs/error_log" showed ::
>
> ##################################################################################################################
> [Wed Mar 21 18:52:00 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
> [Wed Mar 21 18:52:00 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Wed Mar 21 18:52:00 2012] [notice] SSL FIPS mode disabled
> [Wed Mar 21 18:52:02 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Wed Mar 21 18:52:02 2012] [error] Unable to configure RSA server private key
> [Wed Mar 21 18:52:02 2012] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> ##################################################################################################################
>
>
>
> Ideas.. ??
>
>
> Thanks and Regards,
> Ajay
>
>
>
>
> On Wed, Mar 21, 2012 at 5:37 PM, Ajay Garg <aj...@gmail.com> wrote:
> Hi all.
>
> I am afraid I am a newbie to Apache; and have been trying to setup a HTTPS based WebDAV server using Apache2 on Fedora 14.
>
> Prior to this, I could get the HTTP based WebDAV server working, and accessing the shares via gnome-nautilus worked like a charm :-)
> Thus, I will present whatever I have tried to setup the HTTPS variant.
>
>
> 1.
> Following are the contents of "/etc/httpd/conf/httpd.conf"
>
> ##############################
> ###############################################################################################
> #
> # This is the main Apache server configuration file. It contains the
> # configuration directives that give the server its instructions.
> # See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
> # In particular, see
> # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
> # for a discussion of each configuration directive.
> #
> #
> # Do NOT simply read the instructions in here without understanding
> # what they do. They're here only as hints or reminders. If you are unsure
> # consult the online docs. You have been warned.
> #
> # The configuration directives are grouped into three basic sections:
> # 1. Directives that control the operation of the Apache server process as a
> # whole (the 'global environment').
> # 2. Directives that define the parameters of the 'main' or 'default' server,
> # which responds to requests that aren't handled by a virtual host.
> # These directives also provide default values for the settings
> # of all virtual hosts.
> # 3. Settings for virtual hosts, which allow Web requests to be sent to
> # different IP addresses or hostnames and have them handled by the
> # same Apache server process.
> #
> # Configuration and logfile names: If the filenames you specify for many
> # of the server's control files begin with "/" (or "drive:/" for Win32), the
> # server will use that explicit path. If the filenames do *not* begin
> # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
> # with ServerRoot set to "/etc/httpd" will be interpreted by the
> # server as "/etc/httpd/logs/foo.log".
> #
>
> ### Section 1: Global Environment
> #
> # The directives in this section affect the overall operation of Apache,
> # such as the number of concurrent requests it can handle or where it
> # can find its configuration files.
> #
>
> #
> # Don't give away too much information about all the subcomponents
> # we are running. Comment out this line if you don't mind remote sites
> # finding out what major optional modules you are running
> ServerTokens OS
>
> #
> # ServerRoot: The top of the directory tree under which the server's
> # configuration, error, and log files are kept.
> #
> # NOTE! If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the LockFile documentation
> # (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
> # you will save yourself a lot of trouble.
> #
> # Do NOT add a slash at the end of the directory path.
> #
> ServerRoot "/etc/httpd"
>
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts. Note the PIDFILE variable in
> # /etc/sysconfig/httpd must be set appropriately if this location is
> # changed.
> #
> PidFile run/httpd.pid
>
> #
> # Timeout: The number of seconds before receives and sends time out.
> #
> Timeout 60
>
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> #
> KeepAlive Off
>
> #
> # MaxKeepAliveRequests: The maximum number of requests to allow
> # during a persistent connection. Set to 0 to allow an unlimited amount.
> # We recommend you leave this number high, for maximum performance.
> #
> MaxKeepAliveRequests 100
>
> #
> # KeepAliveTimeout: Number of seconds to wait for the next request from the
> # same client on the same connection.
> #
> KeepAliveTimeout 5
>
> ##
> ## Server-Pool Size Regulation (MPM specific)
> ##
>
> # prefork MPM
> # StartServers: number of server processes to start
> # MinSpareServers: minimum number of server processes which are kept spare
> # MaxSpareServers: maximum number of server processes which are kept spare
> # ServerLimit: maximum value for MaxClients for the lifetime of the server
> # MaxClients: maximum number of server processes allowed to start
> # MaxRequestsPerChild: maximum number of requests a server process serves
> <IfModule prefork.c>
> StartServers 8
> MinSpareServers 5
> MaxSpareServers 20
> ServerLimit 256
> MaxClients 256
> MaxRequestsPerChild 4000
> </IfModule>
>
> # worker MPM
> # StartServers: initial number of server processes to start
> # MaxClients: maximum number of simultaneous client connections
> # MinSpareThreads: minimum number of worker threads which are kept spare
> # MaxSpareThreads: maximum number of worker threads which are kept spare
> # ThreadsPerChild: constant number of worker threads in each server process
> # MaxRequestsPerChild: maximum number of requests a server process serves
> <IfModule worker.c>
> StartServers 4
> MaxClients 300
> MinSpareThreads 25
> MaxSpareThreads 75
> ThreadsPerChild 25
> MaxRequestsPerChild 0
> </IfModule>
>
> #
> # Listen: Allows you to bind Apache to specific IP addresses and/or
> # ports, in addition to the default. See also the <VirtualHost>
> # directive.
> #
> # Change this to Listen on specific IP addresses as shown below to
> # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
> #
> #Listen 12.34.56.78:80
> Listen 80
>
> #
> # Dynamic Shared Object (DSO) Support
> #
> # To be able to use the functionality of a module which was built as a DSO you
> # have to place corresponding `LoadModule' lines at this location so the
> # directives contained in it are actually available _before_ they are used.
> # Statically compiled modules (those listed by `httpd -l') do not need
> # to be loaded here.
> #
> # Example:
> # LoadModule foo_module modules/mod_foo.so
> #
> LoadModule auth_basic_module modules/mod_auth_basic.so
> LoadModule auth_digest_module modules/mod_auth_digest.so
> LoadModule authn_file_module modules/mod_authn_file.so
> LoadModule authn_alias_module modules/mod_authn_alias.so
> LoadModule authn_anon_module modules/mod_authn_anon.so
> LoadModule authn_dbm_module modules/mod_authn_dbm.so
> LoadModule authn_default_module modules/mod_authn_default.so
> LoadModule authz_host_module modules/mod_authz_host.so
> LoadModule authz_user_module modules/mod_authz_user.so
> LoadModule authz_owner_module modules/mod_authz_owner.so
> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
> LoadModule authz_dbm_module modules/mod_authz_dbm.so
> LoadModule authz_default_module modules/mod_authz_default.so
> LoadModule ldap_module modules/mod_ldap.so
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> LoadModule include_module modules/mod_include.so
> LoadModule log_config_module modules/mod_log_config.so
> LoadModule logio_module modules/mod_logio.so
> LoadModule env_module modules/mod_env.so
> LoadModule ext_filter_module modules/mod_ext_filter.so
> LoadModule mime_magic_module modules/mod_mime_magic.so
> LoadModule expires_module modules/mod_expires.so
> LoadModule deflate_module modules/mod_deflate.so
> LoadModule headers_module modules/mod_headers.so
> LoadModule usertrack_module modules/mod_usertrack.so
> LoadModule setenvif_module modules/mod_setenvif.so
> LoadModule mime_module modules/mod_mime.so
> LoadModule dav_module modules/mod_dav.so
> LoadModule status_module modules/mod_status.so
> LoadModule autoindex_module modules/mod_autoindex.so
> LoadModule info_module modules/mod_info.so
> LoadModule dav_fs_module modules/mod_dav_fs.so
> LoadModule vhost_alias_module modules/mod_vhost_alias.so
> LoadModule negotiation_module modules/mod_negotiation.so
> LoadModule dir_module modules/mod_dir.so
> LoadModule actions_module modules/mod_actions.so
> LoadModule speling_module modules/mod_speling.so
> LoadModule userdir_module modules/mod_userdir.so
> LoadModule alias_module modules/mod_alias.so
> LoadModule substitute_module modules/mod_substitute.so
> LoadModule rewrite_module modules/mod_rewrite.so
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> LoadModule cache_module modules/mod_cache.so
> LoadModule suexec_module modules/mod_suexec.so
> LoadModule disk_cache_module modules/mod_disk_cache.so
> LoadModule cgi_module modules/mod_cgi.so
> LoadModule version_module modules/mod_version.so
> LoadModule ssl_module modules/mod_ssl.so
>
> #
> # The following modules are not loaded by default:
> #
> #LoadModule asis_module modules/mod_asis.so
> #LoadModule authn_dbd_module modules/mod_authn_dbd.so
> #LoadModule cern_meta_module modules/mod_cern_meta.so
> #LoadModule cgid_module modules/mod_cgid.so
> #LoadModule dbd_module modules/mod_dbd.so
> #LoadModule dumpio_module modules/mod_dumpio.so
> #LoadModule filter_module modules/mod_filter.so
> #LoadModule ident_module modules/mod_ident.so
> #LoadModule log_forensic_module modules/mod_log_forensic.so
> #LoadModule unique_id_module modules/mod_unique_id.so
> #
>
> #
> # Load config files from the config directory "/etc/httpd/conf.d".
> #
> Include conf.d/*.conf
>
> #
> # ExtendedStatus controls whether Apache will generate "full" status
> # information (ExtendedStatus On) or just basic information (ExtendedStatus
> # Off) when the "server-status" handler is called. The default is Off.
> #
> #ExtendedStatus On
>
> #
> # If you wish httpd to run as a different user or group, you must run
> # httpd as root initially and it will switch.
> #
> # User/Group: The name (or #number) of the user/group to run httpd as.
> # . On SCO (ODT 3) use "User nouser" and "Group nogroup".
> # . On HPUX you may not be able to use shared memory as nobody, and the
> # suggested workaround is to create a user www and use that user.
> # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
> # when the value of (unsigned)Group is above 60000;
> # don't use Group #-1 on these systems!
> #
> User apache
> Group apache
>
> ### Section 2: 'Main' server configuration
> #
> # The directives in this section set up the values used by the 'main'
> # server, which responds to any requests that aren't handled by a
> # <VirtualHost> definition. These values also provide defaults for
> # any <VirtualHost> containers you may define later in the file.
> #
> # All of these directives may appear inside <VirtualHost> containers,
> # in which case these default settings will be overridden for the
> # virtual host being defined.
> #
>
> #
> # ServerAdmin: Your address, where problems with the server should be
> # e-mailed. This address appears on some server-generated pages, such
> # as error documents. e.g. admin@your-domain.com
> #
> ServerAdmin root@localhost
>
> #
> # ServerName gives the name and port that the server uses to identify itself.
> # This can often be determined automatically, but we recommend you specify
> # it explicitly to prevent problems during startup.
> #
> # If this is not set to valid DNS name for your host, server-generated
> # redirections will not work. See also the UseCanonicalName directive.
> #
> # If your host doesn't have a registered DNS name, enter its IP address here.
> # You will have to access it by its address anyway, and this will make
> # redirections work in a sensible way.
> #
> #ServerName www.example.com:80
>
> #
> # UseCanonicalName: Determines how Apache constructs self-referencing
> # URLs and the SERVER_NAME and SERVER_PORT variables.
> # When set "Off", Apache will use the Hostname and Port supplied
> # by the client. When set "On", Apache will use the value of the
> # ServerName directive.
> #
> UseCanonicalName Off
>
> #
> # DocumentRoot: The directory out of which you will serve your
> # documents. By default, all requests are taken from this directory, but
> # symbolic links and aliases may be used to point to other locations.
> #
> DocumentRoot "/var/www/html"
>
> #
> # Each directory to which Apache has access can be configured with respect
> # to which services and features are allowed and/or disabled in that
> # directory (and its subdirectories).
> #
> # First, we configure the "default" to be a very restrictive set of
> # features.
> #
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> #
> # Note that from this point forward you must specifically allow
> # particular features to be enabled - so if something's not working as
> # you might expect, make sure that you have specifically enabled it
> # below.
> #
>
> #
> # This should be changed to whatever you set DocumentRoot to.
> #
> <Directory "/var/www/html">
>
> #
> # Possible values for the Options directive are "None", "All",
> # or any combination of:
> # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
> #
> # Note that "MultiViews" must be named *explicitly* --- "Options All"
> # doesn't give it to you.
> #
> # The Options directive is both complicated and important. Please see
> # http://httpd.apache.org/docs/2.2/mod/core.html#options
> # for more information.
> #
> Options Indexes FollowSymLinks
>
> #
> # AllowOverride controls what directives may be placed in .htaccess files.
> # It can be "All", "None", or any combination of the keywords:
> # Options FileInfo AuthConfig Limit
> #
> AllowOverride None
>
> #
> # Controls who can get stuff from this server.
> #
> Order allow,deny
> Allow from all
>
> </Directory>
>
> #
> # UserDir: The name of the directory that is appended onto a user's home
> # directory if a ~user request is received.
> #
> # The path to the end user account 'public_html' directory must be
> # accessible to the webserver userid. This usually means that ~userid
> # must have permissions of 711, ~userid/public_html must have permissions
> # of 755, and documents contained therein must be world-readable.
> # Otherwise, the client will only receive a "403 Forbidden" message.
> #
> # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
> #
> <IfModule mod_userdir.c>
> #
> # UserDir is disabled by default since it can confirm the presence
> # of a username on the system (depending on home directory
> # permissions).
> #
> UserDir disabled
>
> #
> # To enable requests to /~user/ to serve the user's public_html
> # directory, remove the "UserDir disabled" line above, and uncomment
> # the following line instead:
> #
> #UserDir public_html
>
> </IfModule>
>
> #
> # Control access to UserDir directories. The following is an example
> # for a site where these directories are restricted to read-only.
> #
> #<Directory /home/*/public_html>
> # AllowOverride FileInfo AuthConfig Limit
> # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> # <Limit GET POST OPTIONS>
> # Order allow,deny
> # Allow from all
> # </Limit>
> # <LimitExcept GET POST OPTIONS>
> # Order deny,allow
> # Deny from all
> # </LimitExcept>
> #</Directory>
>
> #
> # DirectoryIndex: sets the file that Apache will serve if a directory
> # is requested.
> #
> # The index.html.var file (a type-map) is used to deliver content-
> # negotiated documents. The MultiViews Option can be used for the
> # same purpose, but it is much slower.
> #
> DirectoryIndex index.html index.html.var
>
> #
> # AccessFileName: The name of the file to look for in each directory
> # for additional configuration directives. See also the AllowOverride
> # directive.
> #
> AccessFileName .htaccess
>
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
> Order allow,deny
> Deny from all
> Satisfy All
> </Files>
>
> #
> # TypesConfig describes where the mime.types file (or equivalent) is
> # to be found.
> #
> TypesConfig /etc/mime.types
>
> #
> # DefaultType is the default MIME type the server will use for a document
> # if it cannot otherwise determine one, such as from filename extensions.
> # If your server contains mostly text or HTML documents, "text/plain" is
> # a good value. If most of your content is binary, such as applications
> # or images, you may want to use "application/octet-stream" instead to
> # keep browsers from trying to display binary files as though they are
> # text.
> #
> DefaultType text/plain
>
> #
> # The mod_mime_magic module allows the server to use various hints from the
> # contents of the file itself to determine its type. The MIMEMagicFile
> # directive tells the module where the hint definitions are located.
> #
> <IfModule mod_mime_magic.c>
> # MIMEMagicFile /usr/share/magic.mime
> MIMEMagicFile conf/magic
> </IfModule>
>
> #
> # HostnameLookups: Log the names of clients or just their IP addresses
> # e.g., www.apache.org (on) or 204.62.129.132 (off).
> # The default is off because it'd be overall better for the net if people
> # had to knowingly turn this feature on, since enabling it means that
> # each client request will result in AT LEAST one lookup request to the
> # nameserver.
> #
> HostnameLookups Off
>
> #
> # EnableMMAP: Control whether memory-mapping is used to deliver
> # files (assuming that the underlying OS supports it).
> # The default is on; turn this off if you serve from NFS-mounted
> # filesystems. On some systems, turning it off (regardless of
> # filesystem) can improve performance; for details, please see
> # http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
> #
> #EnableMMAP off
>
> #
> # EnableSendfile: Control whether the sendfile kernel support is
> # used to deliver files (assuming that the OS supports it).
> # The default is on; turn this off if you serve from NFS-mounted
> # filesystems. Please see
> # http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
> #
> #EnableSendfile off
>
> #
> # ErrorLog: The location of the error log file.
> # If you do not specify an ErrorLog directive within a <VirtualHost>
> # container, error messages relating to that virtual host will be
> # logged here. If you *do* define an error logfile for a <VirtualHost>
> # container, that host's errors will be logged there and not here.
> #
> ErrorLog logs/error_log
>
> #
> # LogLevel: Control the number of messages logged to the error_log.
> # Possible values include: debug, info, notice, warn, error, crit,
> # alert, emerg.
> #
> LogLevel warn
>
> #
> # The following directives define some format nicknames for use with
> # a CustomLog directive (see below).
> #
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> LogFormat "%{Referer}i -> %U" referer
> LogFormat "%{User-agent}i" agent
>
> # "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
> # requires the mod_logio module to be loaded.
> #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
>
> #
> # The location and format of the access logfile (Common Logfile Format).
> # If you do not define any access logfiles within a <VirtualHost>
> # container, they will be logged here. Contrariwise, if you *do*
> # define per-<VirtualHost> access logfiles, transactions will be
> # logged therein and *not* in this file.
> #
> #CustomLog logs/access_log common
>
> #
> # If you would like to have separate agent and referer logfiles, uncomment
> # the following directives.
> #
> #CustomLog logs/referer_log referer
> #CustomLog logs/agent_log agent
>
> #
> # For a single logfile with access, agent, and referer information
> # (Combined Logfile Format), use the following directive:
> #
> CustomLog logs/access_log combined
>
> #
> # Optionally add a line containing the server version and virtual host
> # name to server-generated pages (internal error documents, FTP directory
> # listings, mod_status and mod_info output etc., but not CGI generated
> # documents or custom error documents).
> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
> # Set to one of: On | Off | EMail
> #
> ServerSignature On
>
> #
> # Aliases: Add here as many aliases as you need (with no limit). The format is
> # Alias fakename realname
> #
> # Note that if you include a trailing / on fakename then the server will
> # require it to be present in the URL. So "/icons" isn't aliased in this
> # example, only "/icons/". If the fakename is slash-terminated, then the
> # realname must also be slash terminated, and if the fakename omits the
> # trailing slash, the realname must also omit it.
> #
> # We include the /icons/ alias for FancyIndexed directory listings. If you
> # do not use FancyIndexing, you may comment this out.
> #
> Alias /icons/ "/var/www/icons/"
>
> <Directory "/var/www/icons">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
>
> #
> # WebDAV module configuration section.
> #
> <IfModule mod_dav_fs.c>
> # Location of the WebDAV lock database.
> DAVLockDB /var/lib/dav/lockdb
> </IfModule>
>
> #
> # ScriptAlias: This controls which directories contain server scripts.
> # ScriptAliases are essentially the same as Aliases, except that
> # documents in the realname directory are treated as applications and
> # run by the server when requested rather than as documents sent to the client.
> # The same rules about trailing "/" apply to ScriptAlias directives as to
> # Alias.
> #
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>
> #
> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> # CGI directory exists, if you have that configured.
> #
> <Directory "/var/www/cgi-bin">
> AllowOverride None
> Options None
> Order allow,deny
> Allow from all
> </Directory>
>
> #
> # Redirect allows you to tell clients about documents which used to exist in
> # your server's namespace, but do not anymore. This allows you to tell the
> # clients where to look for the relocated document.
> # Example:
> # Redirect permanent /foo http://www.example.com/bar
>
> #
> # Directives controlling the display of server-generated directory listings.
> #
>
> #
> # IndexOptions: Controls the appearance of server-generated directory
> # listings.
> #
> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
>
> #
> # AddIcon* directives tell the server which icon to show for different
> # files or filename extensions. These are only displayed for
> # FancyIndexed directories.
> #
> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>
> AddIconByType (TXT,/icons/text.gif) text/*
> AddIconByType (IMG,/icons/image2.gif) image/*
> AddIconByType (SND,/icons/sound2.gif) audio/*
> AddIconByType (VID,/icons/movie.gif) video/*
>
> AddIcon /icons/binary.gif .bin .exe
> AddIcon /icons/binhex.gif .hqx
> AddIcon /icons/tar.gif .tar
> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> AddIcon /icons/a.gif .ps .ai .eps
> AddIcon /icons/layout.gif .html .shtml .htm .pdf
> AddIcon /icons/text.gif .txt
> AddIcon /icons/c.gif .c
> AddIcon /icons/p.gif .pl .py
> AddIcon /icons/f.gif .for
> AddIcon /icons/dvi.gif .dvi
> AddIcon /icons/uuencoded.gif .uu
> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> AddIcon /icons/tex.gif .tex
> AddIcon /icons/bomb.gif core
>
> AddIcon /icons/back.gif ..
> AddIcon /icons/hand.right.gif README
> AddIcon /icons/folder.gif ^^DIRECTORY^^
> AddIcon /icons/blank.gif ^^BLANKICON^^
>
> #
> # DefaultIcon is which icon to show for files which do not have an icon
> # explicitly set.
> #
> DefaultIcon /icons/unknown.gif
>
> #
> # AddDescription allows you to place a short description after a file in
> # server-generated indexes. These are only displayed for FancyIndexed
> # directories.
> # Format: AddDescription "description" filename
> #
> #AddDescription "GZIP compressed document" .gz
> #AddDescription "tar archive" .tar
> #AddDescription "GZIP compressed tar archive" .tgz
>
> #
> # ReadmeName is the name of the README file the server will look for by
> # default, and append to directory listings.
> #
> # HeaderName is the name of a file which should be prepended to
> # directory indexes.
> ReadmeName README.html
> HeaderName HEADER.html
>
> #
> # IndexIgnore is a set of filenames which directory indexing should ignore
> # and not include in the listing. Shell-style wildcarding is permitted.
> #
> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>
> #
> # DefaultLanguage and AddLanguage allows you to specify the language of
> # a document. You can then use content negotiation to give a browser a
> # file in a language the user can understand.
> #
> # Specify a default language. This means that all data
> # going out without a specific language tag (see below) will
> # be marked with this one. You probably do NOT want to set
> # this unless you are sure it is correct for all cases.
> #
> # * It is generally better to not mark a page as
> # * being a certain language than marking it with the wrong
> # * language!
> #
> # DefaultLanguage nl
> #
> # Note 1: The suffix does not have to be the same as the language
> # keyword --- those with documents in Polish (whose net-standard
> # language code is pl) may wish to use "AddLanguage pl .po" to
> # avoid the ambiguity with the common suffix for perl scripts.
> #
> # Note 2: The example entries below illustrate that in some cases
> # the two character 'Language' abbreviation is not identical to
> # the two character 'Country' code for its country,
> # E.g. 'Danmark/dk' versus 'Danish/da'.
> #
> # Note 3: In the case of 'ltz' we violate the RFC by using a three char
> # specifier. There is 'work in progress' to fix this and get
> # the reference data for rfc1766 cleaned up.
> #
> # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
> # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
> # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
> # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
> # Norwegian (no) - Polish (pl) - Portugese (pt)
> # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
> # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
> #
> AddLanguage ca .ca
> AddLanguage cs .cz .cs
> AddLanguage da .dk
> AddLanguage de .de
> AddLanguage el .el
> AddLanguage en .en
> AddLanguage eo .eo
> AddLanguage es .es
> AddLanguage et .et
> AddLanguage fr .fr
> AddLanguage he .he
> AddLanguage hr .hr
> AddLanguage it .it
> AddLanguage ja .ja
> AddLanguage ko .ko
> AddLanguage ltz .ltz
> AddLanguage nl .nl
> AddLanguage nn .nn
> AddLanguage no .no
> AddLanguage pl .po
> AddLanguage pt .pt
> AddLanguage pt-BR .pt-br
> AddLanguage ru .ru
> AddLanguage sv .sv
> AddLanguage zh-CN .zh-cn
> AddLanguage zh-TW .zh-tw
>
> #
> # LanguagePriority allows you to give precedence to some languages
> # in case of a tie during content negotiation.
> #
> # Just list the languages in decreasing order of preference. We have
> # more or less alphabetized them here. You probably want to change this.
> #
> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
>
> #
> # ForceLanguagePriority allows you to serve a result page rather than
> # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
> # [in case no accepted languages matched the available variants]
> #
> ForceLanguagePriority Prefer Fallback
>
> #
> # Specify a default charset for all content served; this enables
> # interpretation of all content as UTF-8 by default. To use the
> # default browser choice (ISO-8859-1), or to allow the META tags
> # in HTML content to override this choice, comment out this
> # directive:
> #
> AddDefaultCharset UTF-8
>
> #
> # AddType allows you to add to or override the MIME configuration
> # file mime.types for specific file types.
> #
> #AddType application/x-tar .tgz
>
> #
> # AddEncoding allows you to have certain browsers uncompress
> # information on the fly. Note: Not all browsers support this.
> # Despite the name similarity, the following Add* directives have nothing
> # to do with the FancyIndexing customization directives above.
> #
> #AddEncoding x-compress .Z
> #AddEncoding x-gzip .gz .tgz
>
> # If the AddEncoding directives above are commented-out, then you
> # probably should define those extensions to indicate media types:
> #
> AddType application/x-compress .Z
> AddType application/x-gzip .gz .tgz
>
> #
> # MIME-types for downloading Certificates and CRLs
> #
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> #
> # AddHandler allows you to map certain file extensions to "handlers":
> # actions unrelated to filetype. These can be either built into the server
> # or added with the Action directive (see below)
> #
> # To use CGI scripts outside of ScriptAliased directories:
> # (You will also need to add "ExecCGI" to the "Options" directive.)
> #
> #AddHandler cgi-script .cgi
>
> #
> # For files that include their own HTTP headers:
> #
> #AddHandler send-as-is asis
>
> #
> # For type maps (negotiated resources):
> # (This is enabled by default to allow the Apache "It Worked" page
> # to be distributed in multiple languages.)
> #
> AddHandler type-map var
>
> #
> # Filters allow you to process content before it is sent to the client.
> #
> # To parse .shtml files for server-side includes (SSI):
> # (You will also need to add "Includes" to the "Options" directive.)
> #
> AddType text/html .shtml
> AddOutputFilter INCLUDES .shtml
>
> #
> # Action lets you define media types that will execute a script whenever
> # a matching file is called. This eliminates the need for repeated URL
> # pathnames for oft-used CGI file processors.
> # Format: Action media/type /cgi-script/location
> # Format: Action handler-name /cgi-script/location
> #
>
> #
> # Customizable error responses come in three flavors:
> # 1) plain text 2) local redirects 3) external redirects
> #
> # Some examples:
> #ErrorDocument 500 "The server made a boo boo."
> #ErrorDocument 404 /missing.html
> #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
> #ErrorDocument 402 http://www.example.com/subscription_info.html
> #
>
> #
> # Putting this all together, we can internationalize error responses.
> #
> # We use Alias to redirect any /error/HTTP_<error>.html.var response to
> # our collection of by-error message multi-language collections. We use
> # includes to substitute the appropriate text.
> #
> # You can modify the messages' appearance without changing any of the
> # default HTTP_<error>.html.var files by adding the line:
> #
> # Alias /error/include/ "/your/include/path/"
> #
> # which allows you to create your own set of files by starting with the
> # /var/www/error/include/ files and
> # copying them to /your/include/path/, even on a per-VirtualHost basis.
> #
>
> Alias /error/ "/var/www/error/"
>
> <IfModule mod_negotiation.c>
> <IfModule mod_include.c>
> <Directory "/var/www/error">
> AllowOverride None
> Options IncludesNoExec
> AddOutputFilter Includes html
> AddHandler type-map var
> Order allow,deny
> Allow from all
> LanguagePriority en es de fr
> ForceLanguagePriority Prefer Fallback
> </Directory>
>
> # ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
> # ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
> # ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
> # ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
> # ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
> # ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
> # ErrorDocument 410 /error/HTTP_GONE.html.var
> # ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
> # ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
> # ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
> # ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
> # ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
> # ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> # ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
> # ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
> # ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
> # ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
>
> </IfModule>
> </IfModule>
>
> #
> # The following directives modify normal HTTP response behavior to
> # handle known problems with browser implementations.
> #
> BrowserMatch "Mozilla/2" nokeepalive
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> BrowserMatch "RealPlayer 4\.0" force-response-1.0
> BrowserMatch "Java/1\.0" force-response-1.0
> BrowserMatch "JDK/1\.0" force-response-1.0
>
> #
> # The following directive disables redirects on non-GET requests for
> # a directory that does not include the trailing slash. This fixes a
> # problem with Microsoft WebFolders which does not appropriately handle
> # redirects for folders with DAV methods.
> # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
> #
> BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
> BrowserMatch "MS FrontPage" redirect-carefully
> BrowserMatch "^WebDrive" redirect-carefully
> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
> BrowserMatch "^XML Spy" redirect-carefully
> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
>
> #
> # Allow server status reports generated by mod_status,
> # with the URL of http://servername/server-status
> # Change the ".example.com" to match your domain to enable.
> #
> #<Location /server-status>
> # SetHandler server-status
> # Order deny,allow
> # Deny from all
> # Allow from .example.com
> #</Location>
>
> #
> # Allow remote server configuration reports, with the URL of
> # http://servername/server-info (requires that mod_info.c be loaded).
> # Change the ".example.com" to match your domain to enable.
> #
> #<Location /server-info>
> # SetHandler server-info
> # Order deny,allow
> # Deny from all
> # Allow from .example.com
> #</Location>
>
> #
> # Proxy Server directives. Uncomment the following lines to
> # enable the proxy server:
> #
> #<IfModule mod_proxy.c>
> #ProxyRequests On
> #
> #<Proxy *>
> # Order deny,allow
> # Deny from all
> # Allow from .example.com
> #</Proxy>
>
> #
> # Enable/disable the handling of HTTP/1.1 "Via:" headers.
> # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
> # Set to one of: Off | On | Full | Block
> #
> #ProxyVia On
>
> #
> # To enable a cache of proxied content, uncomment the following lines.
> # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
> #
> #<IfModule mod_disk_cache.c>
> # CacheEnable disk /
> # CacheRoot "/var/cache/mod_proxy"
> #</IfModule>
> #
>
> #</IfModule>
> # End of proxy directives.
>
> ### Section 3: Virtual Hosts
> #
> # VirtualHost: If you want to maintain multiple domains/hostnames on your
> # machine you can setup VirtualHost containers for them. Most configurations
> # use only name-based virtual hosts so the server doesn't need to worry about
> # IP addresses. This is indicated by the asterisks in the directives below.
> #
> # Please see the documentation at
> # <URL:http://httpd.apache.org/docs/2.2/vhosts/>
> # for further details before you try to setup virtual hosts.
> #
> # You may use the command line option '-S' to verify your virtual host
> # configuration.
>
> #
> # Use name-based virtual hosting.
> #
> #NameVirtualHost *:80
> #
> # NOTE: NameVirtualHost cannot be used without a port specifier
> # (e.g. :80) if mod_ssl is being used, due to the nature of the
> # SSL protocol.
> #
>
> #
> # VirtualHost example:
> # Almost any Apache directive may go into a VirtualHost container.
> # The first VirtualHost section is used for requests without a known
> # server name.
> #
> #<VirtualHost *:80>
> # ServerAdmin webmaster@dummy-host.example.com
> # DocumentRoot /www/docs/dummy-host.example.com
> # ServerName dummy-host.example.com
> # ErrorLog logs/dummy-host.example.com-error_log
> # CustomLog logs/dummy-host.example.com-access_log common
> #</VirtualHost>
>
> NameVirtualHost *:443
> <VirtualHost *:443>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
> SSLCertificateFile /etc/ssl/certs/server.crt
> SSLCertificateKeyFile /etc/ssl/certs/server.key
>
> DocumentRoot /var/www/web1/web/
> <Directory /var/www/web1/web/>
> Options Indexes MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> Alias /webdav /var/www/web1/web
>
> <Location /webdav>
> DAV On
> AuthType Basic
> AuthName "webdav"
> AuthUserFile /var/www/web1/passwd.dav
> Require valid-user
> </Location>
>
> </VirtualHost>
> ##########################################################################################################################
>
>
>
>
>
>
> 2.
> Following is the startup info when I do "sudo service httpd start" ::
>
> ##########################################################################################################################
> [ajay@ajay ~]$ sudo service httpd start
> Starting httpd: [Wed Mar 21 11:20:59 2012] [warn] module ssl_module is already loaded, skipping
> httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
> Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
>
> Server ::1:443 (RSA)
> Enter pass phrase:
>
> OK: Pass Phrase Dialog successful.
> [ OK ]
> ##########################################################################################################################
>
>
>
>
>
>
>
> 3.
> Following are the parameters I enter in gnome-nautilus ::
>
> ###########################################################################################################################
> Service type: Secure WebDAV (HTTPS)
> Server: localhost
>
> Optional information:
> Port: 443
> Folder: webdav
> User Name:
>
> Add bookmark
> Bookmark name:
> ###########################################################################################################################
>
>
>
> 4.
> Finally, upon clikcing "Connect", I get the popup with the following message ::
>
> ###########################################################################################################################
> Cannot display location "davs://
> localhost/webdav"
>
> HTTP Error: Cannot connect to destination (localhost)
> ###########################################################################################################################
>
>
>
>
>
>
>
> I will be obliged for any pointers. I have been going nuts for three days :|
>
> Looking forward to a reply.
>
>
> Regards,
> Ajay
>
>
>
>
>
>
> --
> Gr,
>
> Mathijs
>
--
sctemme@apache.org http://www.temme.net/sander/
PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
View my availability: http://tungle.me/sctemme
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org