diff options
Diffstat (limited to 'setup')
65 files changed, 227 insertions, 2955 deletions
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml index 17351ac..e6e4c75 100644 --- a/setup/configs/openshift.yml +++ b/setup/configs/openshift.yml @@ -1,15 +1,26 @@ --- ands_openshift_projects: - adei: ADEI - -# katrin: KArlsruhe TRItium Neutrino -# test: Tesing + kaas: KaaS router and common resources + katrin: KArlsruhe TRItium Neutrino + adei: ADEI + bora: Build Once Run Always + web: Web Sites + mon: OpenShift monitoring + test: Namespace for testing and prototyping ands_openshift_users: pdv: IPE Administation Account katrin: KATRIN Project csa: Suren A. Chilingaryan <csa@suren.me> + kopmann: Andreas Kopmann <kopmann@kit.edu> + ntj: Nicholas Tan Jerome <nicholas.jerome@kit.edu> ands_openshift_roles: - cluster-admin: csa, pdv + cluster-admin: csa + kaas/admin: csa, kopmann katrin/admin: katrin + adei/admin: csa + bora/admin: ntj + web/admin: kopmann + mon/admin: csa + test/admin: csa, ntj, kopmann, katrin diff --git a/setup/configs/security.yml b/setup/configs/security.yml index 413f57e..b870c55 100644 --- a/setup/configs/security.yml +++ b/setup/configs/security.yml @@ -1,6 +1,6 @@ ands_openshift_gid_mode: -# adei: "RunAsAny" ands_default: "MustRunAs" +# sample: "RunAsAny" #ands_openshift_uid_mode: # ands_default: "MustRunAsRange" @@ -8,8 +8,13 @@ ands_openshift_gid_mode: #ands_openshift_uid_ranges: ands_openshift_gid_ranges: + kaas: "4000/10" katrin: "5000/10" - adei: "5010/10" + test: "7100/10" + adei: "6000/10" + bora: "6100/10" + web: "6200/10" + mon: "7000/10" ands_openshift_uids: kaas: { id: 6000 } diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml index d93f177..f400eed 100644 --- a/setup/configs/volumes.yml +++ b/setup/configs/volumes.yml @@ -4,6 +4,7 @@ ands_paths: openshift: /mnt/openshift temporary: /mnt/temporary databases: /mnt/databases + datastore: /mnt/datastore katrin_data: /mnt/katrin ands_heketi_domain: @@ -15,10 +16,11 @@ ands_storage_domains: - servers: "ands_storage_servers" clients: "masters" volumes: - provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } - openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } - databases: { type: "db", mount: "{{ ands_paths.databases }}" } - temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } + openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } + databases: { type: "db", mount: "{{ ands_paths.databases }}" } + temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + datastore: { type: "data", mount: "{{ ands_paths.datastore }}" } katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" } # - servers: "storage_nodes" # clients: "nodes" @@ -30,13 +32,14 @@ ands_storage_domains: # Per project list (to distribute in multiple namespaces later) +# If not started with '/' will be prepended with project name ands_openshift_volumes: - etc: { volume: "openshift", path: "/etc" } - src: { volume: "openshift", path: "/src" } - www: { volume: "openshift", path: "/www" } - log: { volume: "temporary", path: "/log", write: true} - tmp: { volume: "temporary", path: "/tmp", write: true} + etc: { volume: "openshift", path: "" } + etcw: { volume: "openshift", path: "", write: true } + data: { volume: "datastore", path: "", write: true } + db: { volume: "databases", path: "", write: true } + tmp: { volume: "temporary", path: "", write: true } # Global list, we only take things from the volume of project -ands_openshift_files: - - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } +#ands_openshift_files: +# - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } diff --git a/setup/projects/adei/templates/60-adei.yml.j2 b/setup/projects/adei/templates/60-adei.yml.j2 index 1bff206..537368f 100644 --- a/setup/projects/adei/templates/60-adei.yml.j2 +++ b/setup/projects/adei/templates/60-adei.yml.j2 @@ -8,6 +8,7 @@ metadata: openshift.io/provider-display-name: "KIT" openshift.io/documentation-url: "http://adei.info" openshift.io/support-url: "http://adei.info" + kaas/strategy: "manual" labels: app: "adei" objects: diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index 69d291c..cdeb4e7 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml @@ -1,20 +1,22 @@ -volumes: - adei_init: { volume: "openshift", path: "/adei/init" } # mysql - adei_etc: { volume: "openshift", path: "/adei/etc" } # mysql - adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links) - adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup) - adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides - adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files - adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files - adei_db: { volume: "databases", path: "/adei", write: true} - gids: - adei: { id: 5010 } - adei_db: { id: 5011 } + adei: { id: 6000 } + adei_db: { id: 6001 } + +volumes: + adei_init: { volume: "openshift", path: "/adei/init"} # mysql + adei_etc: { volume: "openshift", path: "/adei/etc"} # mysql (maybe) + adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links) + adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup) + adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides + adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files + adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files + adei_db: { volume: "databases", path: "/adei", write: true } # mysql files: - - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" } + - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_cfg", path: "/prod", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_cfg", path: "/dbg", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" } diff --git a/setup/projects/katrin/files/www/kaas/index.html b/setup/projects/kaas/files/data/www/index.html index 906ee19..906ee19 100644 --- a/setup/projects/katrin/files/www/kaas/index.html +++ b/setup/projects/kaas/files/data/www/index.html diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf index c581e97..c581e97 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf index 29dfb72..29dfb72 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf index efeca05..efeca05 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf index db316c0..db316c0 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf index 7f66461..7f66461 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf index fc12fb9..fc12fb9 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf index 8c44c60..8c44c60 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf index 8ff9a45..8ff9a45 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf index f8c023e..f8c023e 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf index 567bd6d..567bd6d 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf index 01a73f3..01a73f3 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf b/setup/projects/kaas/files/etc/apache2/httpd.conf index 4b05e71..4b05e71 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf +++ b/setup/projects/kaas/files/etc/apache2/httpd.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf b/setup/projects/kaas/files/etc/apache2/kaas/router.conf index 4afa6dd..4afa6dd 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf +++ b/setup/projects/kaas/files/etc/apache2/kaas/router.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic b/setup/projects/kaas/files/etc/apache2/magic index 0de7336..0de7336 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic +++ b/setup/projects/kaas/files/etc/apache2/magic diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types b/setup/projects/kaas/files/etc/apache2/mime.types index 5175242..5175242 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types +++ b/setup/projects/kaas/files/etc/apache2/mime.types diff --git a/setup/projects/katrin/keys/kaas.crt b/setup/projects/kaas/keys/kaas.crt index 82ef723..82ef723 100644 --- a/setup/projects/katrin/keys/kaas.crt +++ b/setup/projects/kaas/keys/kaas.crt diff --git a/setup/projects/katrin/keys/kaas.key b/setup/projects/kaas/keys/kaas.key index 3d766c8..3d766c8 100644 --- a/setup/projects/katrin/keys/kaas.key +++ b/setup/projects/kaas/keys/kaas.key diff --git a/setup/projects/kaas/templates/10-kaas-builder.yml.j2 b/setup/projects/kaas/templates/10-kaas-builder.yml.j2 new file mode 100644 index 0000000..52066a5 --- /dev/null +++ b/setup/projects/kaas/templates/10-kaas-builder.yml.j2 @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Template +metadata: + name: kaas-manager-build + labels: + app: kaas-manager + annotations: + descriptions: "KaaS Data Manager Build" +objects: + - kind: ImageStream + apiVersion: v1 + metadata: + name: kaas-manager + - kind: "BuildConfig" + apiVersion: "v1" + metadata: + name: "kaas-manager" + spec: +# runPolicy: "Serial" + successfulBuildsHistoryLimit: "{{ kaas_pod_history_limit }}" + failedBuildsHistoryLimit: "{{ kaas_pod_history_limit }}" + triggers: + - type: "ConfigChange" + source: + type: "Git" + git: + uri: "http://adei.info/git/csa/devops/docker/ands-management.git" + strategy: + dockerStrategy: + dockerfilePath: Dockerfile + output: + to: + kind: "ImageStreamTag" + name: "kaas-manager:latest" + imageLabels: + - name: "vendor" + value: "KIT" + - name: "author" + value: "Suren A. Chilingaryan" + - name: "authoritative-source-url" + value: "adei.info" + diff --git a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 new file mode 100644 index 0000000..e181737 --- /dev/null +++ b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 @@ -0,0 +1,91 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "false" +--- +{% set gid_range = kaas_openshift_gid_ranges[kaas_project].split("/") %} +apiVersion: v1 +kind: Template +metadata: + name: kaas-manager + annotations: + descriptions: KaaS Data Management Service +objects: + - apiVersion: v1 + kind: DeploymentConfig + metadata: + name: kaas-manager + spec: + replicas: 1 + revisionHistoryLimit: {{ kaas_pod_history_limit }} + strategy: + type: Rolling + triggers: + - type: ConfigChange + selector: + name: kaas-manager + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + from: + kind: "ImageStreamTag" + name: "kaas-manager:latest" + namespace: "kaas" + containerNames: + - kaas-manager + template: + metadata: + name: kaas-manager + labels: + name: kaas-manager + spec: + securityContext: + supplementalGroups: +{% for ofs in range(gid_range[1] | default(1) | int) %} + - {{ (gid_range[0] | int) + ofs }} +{% endfor %} +{% if (kaas_project_config.run_pods_as is defined) %} +{% if ((kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as] is defined) %} + runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as].id }} +{% else %} + runAsUser: {{ kaas_project_config.run_pods_as }} +{% endif %} +{% endif %} + volumes: +{% for name, vol in kaas_project_volumes.iteritems() %} +{% set oc_name = name | regex_replace('_','-') %} +{% if (vol.write | default(false)) %} + - name: vol-{{ name }} + persistentVolumeClaim: + claimName: {{ oc_name }} +{% endif %} +{% endfor %} +{% if ('data' not in kaas_project_volumes) %} + - name: home + emptyDir: {} +{% endif %} + containers: + - name: kaas-manager + image: kaas-manager + command: [ "/docker-entrypoint.sh", "/bin/sx" ] + volumeMounts: +{% for name, vol in kaas_project_volumes.iteritems() %} +{% if (vol.write | default(false)) %} + - name: vol-{{ name }} + mountPath: /mnt/{{ name }} +{% endif %} +{% endfor %} +{% if ('data' not in kaas_project_volumes) %} + - name: home + mountPath: /home +{% endif %} + env: + - name: HOME +{% if ('data' in kaas_project_volumes) %} + value: /mnt/data/home +{% else %} + value: /tmp +{% endif %} +# lifecycle: +# postStart: +# exec: +# command: [ "/bin/bash", "[ -d $HOME ] || mkdir -p $HOME" ] diff --git a/setup/projects/katrin/vars/globals.yml b/setup/projects/kaas/vars/globals.yml index 50776ff..69b0bfe 100644 --- a/setup/projects/katrin/vars/globals.yml +++ b/setup/projects/kaas/vars/globals.yml @@ -1,2 +1 @@ -#katrin_node: katrin.kit.edu katrin_node: "katrin.{{ openshift_master_default_subdomain }}" diff --git a/setup/projects/kaas/vars/pods.yml b/setup/projects/kaas/vars/pods.yml new file mode 100644 index 0000000..41831ab --- /dev/null +++ b/setup/projects/kaas/vars/pods.yml @@ -0,0 +1,15 @@ +pods: + kaas-router: + service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] } + sched: { replicas: 1, selector: { master: 1 } } + selector: { master: 1 } + images: + - image: "httpd:2.2" + mappings: + - { name: "etc", path: "apache2", mount: "/usr/local/apache2/conf" } + - { name: "data", path: "www", mount: "/usr/local/apache2/htdocs" } + - { name: "tmp", path: "apache2", mount: "/usr/local/apache2/logs" } + probes: + - { port: 8080, path: '/index.html' } + +
\ No newline at end of file diff --git a/setup/projects/kaas/vars/volumes.yml b/setup/projects/kaas/vars/volumes.yml new file mode 100644 index 0000000..3554aa6 --- /dev/null +++ b/setup/projects/kaas/vars/volumes.yml @@ -0,0 +1,10 @@ +gids: + kaas: { id: 4000 } + +files: + - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "0775" } + - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } + - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } + +#resync: true +sync_set_gid: kaas diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf deleted file mode 100644 index a70324b..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf +++ /dev/null @@ -1,217 +0,0 @@ -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 0.0.0.0:8443 https - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000) -SSLSessionCacheTimeout 300 - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:8443> - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:8443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog |/usr/bin/cat -TransferLog |/usr/bin/cat -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 - -# Speed-optimized SSL Cipher configuration: -# If speed is your main concern (on busy HTTPS servers e.g.), -# you might want to force clients to specific, performance -# optimized ciphers. In this case, prepend those ciphers -# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -# Caveat: by giving precedence to RC4-SHA and AES128-SHA -# (as in the example below), most connections will no longer -# have perfect forward secrecy - if the server's key is -# compromised, captures of past or future traffic must be -# considered compromised, too. -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -#SSLHonorCipherOrder on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - SSLOptions +StdEnvVars -</Files> -<Directory "/var/www/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog |/usr/bin/cat \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf deleted file mode 100644 index b5d7a49..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf +++ /dev/null @@ -1,36 +0,0 @@ -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -<IfModule mod_userdir.c> - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html -</IfModule> - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -<Directory "/home/*/public_html"> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - Require method GET POST OPTIONS -</Directory> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README deleted file mode 100644 index f5e9661..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README +++ /dev/null @@ -1,9 +0,0 @@ - -This directory holds configuration files for the Apache HTTP Server; -any files in this directory which have the ".conf" extension will be -processed as httpd configuration files. The directory is used in -addition to the directory /etc/httpd/conf.modules.d/, which contains -configuration files necessary to load modules. - -Files are processed in alphabetical order. - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf deleted file mode 100644 index 55f658e..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf +++ /dev/null @@ -1,94 +0,0 @@ -# -# Directives controlling the display of server-generated directory listings. -# -# Required modules: mod_authz_core, mod_authz_host, -# mod_autoindex, mod_alias -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing HTMLTable VersionSort - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/opt/rh/httpd24/root/usr/share/httpd/icons/" - -<Directory "/opt/rh/httpd24/root/usr/share/httpd/icons"> - Options Indexes MultiViews FollowSymlinks - AllowOverride None - Require all granted -</Directory> - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif /core -AddIcon /icons/bomb.gif */core.* - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf deleted file mode 100644 index 325d196..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf +++ /dev/null @@ -1,6 +0,0 @@ -ProxyPass /adei http://katrin.kit.edu/adei -ProxyPassReverse /adei http://katrin.kit.edu/adei -ProxyPass /adei-katrin http://katrin.kit.edu/adei-katrin -ProxyPassReverse /adei-katrin http://katrin.kit.edu/adei-katrin -ProxyPass /katrin-ng http://katrin.kit.edu/katrin-ng -ProxyPassReverse /katrin-ng http://katrin.kit.edu/katrin-ng diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf deleted file mode 100644 index e69de29..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf +++ /dev/null diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf deleted file mode 100644 index 34b4b72..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf +++ /dev/null @@ -1,18 +0,0 @@ -# -# This configuration file enables the default "Welcome" page if there -# is no default index page present for the root URL. To disable the -# Welcome page, comment out all the lines below. -# -# NOTE: if this file is removed, it will be restored on upgrades. -# -<LocationMatch "^/+$"> - Options -Indexes - ErrorDocument 403 /.noindex.html -</LocationMatch> - -<Directory /opt/rh/httpd24/root/usr/share/httpd/noindex> - AllowOverride None - Require all granted -</Directory> - -Alias /.noindex.html /opt/rh/httpd24/root/usr/share/httpd/noindex/index.html diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf deleted file mode 100644 index 2e3ce8c..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf +++ /dev/null @@ -1,67 +0,0 @@ -# -# This file loads most of the modules included with the Apache HTTP -# Server itself. -# - -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule data_module modules/mod_data.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -#LoadModule http2_module modules/mod_http2.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule mime_module modules/mod_mime.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule status_module modules/mod_status.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf deleted file mode 100644 index 7bfd1d4..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Select the MPM module which should be used by uncommenting exactly -# one of the following LoadModule lines: - -# prefork MPM: Implements a non-threaded, pre-forking web server -# See: http://httpd.apache.org/docs/2.4/mod/prefork.html -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so - -# worker MPM: Multi-Processing Module implementing a hybrid -# multi-threaded multi-process web server -# See: http://httpd.apache.org/docs/2.4/mod/worker.html -# -#LoadModule mpm_worker_module modules/mod_mpm_worker.so - -# event MPM: A variant of the worker MPM with the goal of consuming -# threads only for connections with active processing -# See: http://httpd.apache.org/docs/2.4/mod/event.html -# -#LoadModule mpm_event_module modules/mod_mpm_event.so - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf deleted file mode 100644 index b8003f4..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf +++ /dev/null @@ -1,4 +0,0 @@ -# This file configures all the proxy modules: -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_http_module modules/mod_proxy_http.so - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf deleted file mode 100644 index e6af8de..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf +++ /dev/null @@ -1,3 +0,0 @@ -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf deleted file mode 100644 index 9e0d0db..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf +++ /dev/null @@ -1 +0,0 @@ -LoadModule lua_module modules/mod_lua.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf deleted file mode 100644 index 70bda5e..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf +++ /dev/null @@ -1,20 +0,0 @@ -# -# This file lists modules included with the Apache HTTP Server -# which are not enabled by default. -# - -#LoadModule asis_module modules/mod_asis.so -#LoadModule buffer_module modules/mod_buffer.so -#LoadModule file_cache_module modules/mod_file_cache.so -#LoadModule watchdog_module modules/mod_watchdog.so -#LoadModule heartbeat_module modules/mod_heartbeat.so -#LoadModule heartmonitor_module modules/mod_heartmonitor.so -#LoadModule usertrack_module modules/mod_usertrack.so -#LoadModule dialup_module modules/mod_dialup.so -#LoadModule charset_lite_module modules/mod_charset_lite.so -#LoadModule log_debug_module modules/mod_log_debug.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule ratelimit_module modules/mod_ratelimit.so -#LoadModule reflector_module modules/mod_reflector.so -#LoadModule sed_module modules/mod_sed.so -#LoadModule speling_module modules/mod_speling.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf deleted file mode 100644 index cc0bca0..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf +++ /dev/null @@ -1,16 +0,0 @@ -# This file configures all the proxy modules: -LoadModule proxy_module modules/mod_proxy.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf deleted file mode 100644 index 53235cd..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf +++ /dev/null @@ -1 +0,0 @@ -LoadModule ssl_module modules/mod_ssl.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf deleted file mode 100644 index b208c97..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf +++ /dev/null @@ -1,2 +0,0 @@ -# This file configures systemd module: -LoadModule systemd_module modules/mod_systemd.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf deleted file mode 100644 index 5b8b936..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf +++ /dev/null @@ -1,14 +0,0 @@ -# This configuration file loads a CGI module appropriate to the MPM -# which has been configured in 00-mpm.conf. mod_cgid should be used -# with a threaded MPM; mod_cgi with the prefork MPM. - -<IfModule mpm_worker_module> - LoadModule cgid_module modules/mod_cgid.so -</IfModule> -<IfModule mpm_event_module> - LoadModule cgid_module modules/mod_cgid.so -</IfModule> -<IfModule mpm_prefork_module> - LoadModule cgi_module modules/mod_cgi.so -</IfModule> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf deleted file mode 100644 index 88fcb97..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf +++ /dev/null @@ -1,353 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/opt/rh/httpd24/root/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 0.0.0.0:8080 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -Include conf.modules.d/*.conf - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User default -Group root - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# <Directory> blocks below. -# -<Directory /> - AllowOverride none - Require all denied -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/opt/rh/httpd24/root/var/www/html" - -# -# Relax access to content within /opt/rh/httpd24/root/var/www. -# -<Directory "/opt/rh/httpd24/root/var/www"> - AllowOverride None - # Allow open access: - Require all granted -</Directory> - -# Further relax access to the default document root: -<Directory "/opt/rh/httpd24/root/var/www/html"> - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted -</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -<IfModule dir_module> - DirectoryIndex index.html -</IfModule> - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ".ht*"> - Require all denied -</Files> - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog |/usr/bin/cat - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -<IfModule log_config_module> - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - <IfModule logio_module> - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - </IfModule> - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a <VirtualHost> - # container, they will be logged here. Contrariwise, if you *do* - # define per-<VirtualHost> access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog |/usr/bin/cat combined -</IfModule> - -<IfModule alias_module> - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a <Directory> section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/" - -</IfModule> - -# -# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/opt/rh/httpd24/root/var/www/cgi-bin"> - AllowOverride None - Options None - Require all granted -</Directory> - -<IfModule mime_module> - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml -</IfModule> - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -<IfModule mime_magic_module> - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic -</IfModule> - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults if commented: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic deleted file mode 100644 index 7c56119..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic +++ /dev/null @@ -1,385 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in /manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt <janl@ifi.uio.no>, -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). -0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij <triad@df.lth.se> -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) -# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena <keith@cerberus.uchicago.edu> -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? -#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \<MakerFile application/x-frame -0 string \<MIFFile application/x-frame -0 string \<MakerDictionary application/x-frame -0 string \<MakerScreenFon application/x-frame -0 string \<MML application/x-frame -0 string \<Book application/x-frame -0 string \<Maker application/x-frame - -#------------------------------------------------------------------------------ -# html: file(1) magic for HTML (HyperText Markup Language) docs -# -# from Daniel Quinlan <quinlan@yggdrasil.com> -# and Anna Shergold <anna@inext.co.uk> -# -0 string \<!DOCTYPE\ HTML text/html -0 string \<!doctype\ html text/html -0 string \<HEAD text/html -0 string \<head text/html -0 string \<TITLE text/html -0 string \<title text/html -0 string \<html text/html -0 string \<HTML text/html -0 string \<!-- text/html -0 string \<h1 text/html -0 string \<H1 text/html - -# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> -0 string \<?xml text/xml - -#------------------------------------------------------------------------------ -# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -# -# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), -# additions by janl@ifi.uio.no as well as others. Jan also suggested -# merging several one- and two-line files into here. -# -# XXX - byte order for GIF and TIFF fields? -# [GRR: TIFF allows both byte orders; GIF is probably little-endian] -# - -# [GRR: what the hell is this doing in here?] -#0 string xbtoa btoa'd file - -# PBMPLUS -# PBM file -0 string P1 image/x-portable-bitmap 7bit -# PGM file -0 string P2 image/x-portable-greymap 7bit -# PPM file -0 string P3 image/x-portable-pixmap 7bit -# PBM "rawbits" file -0 string P4 image/x-portable-bitmap -# PGM "rawbits" file -0 string P5 image/x-portable-greymap -# PPM "rawbits" file -0 string P6 image/x-portable-pixmap - -# NIFF (Navy Interchange File Format, a modification of TIFF) -# [GRR: this *must* go before TIFF] -0 string IIN1 image/x-niff - -# TIFF and friends -# TIFF file, big-endian -0 string MM image/tiff -# TIFF file, little-endian -0 string II image/tiff - -# possible GIF replacements; none yet released! -# (Greg Roelofs, newt@uchicago.edu) -# -# GRR 950115: this was mine ("Zip GIF"): -# ZIF image (GIF+deflate alpha) -0 string GIF94z image/unknown -# -# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# FGF image (GIF+deflate beta) -0 string FGF95a image/unknown -# -# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal -# (best; not yet implemented): -# PBF image (deflate compression) -0 string PBF image/unknown - -# GIF -0 string GIF image/gif - -# JPEG images -0 beshort 0xffd8 image/jpeg - -# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) -0 string BM image/bmp -#>14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - -0 string \x89PNG image/png -0 string FWS application/x-shockwave-flash -0 string CWS application/x-shockwave-flash - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. -0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From <conklin@talisman.kaleida.com> - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. -#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij <triad@df.lth.se> -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf deleted file mode 100644 index c581e97..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf +++ /dev/null @@ -1,93 +0,0 @@ -# -# Directives controlling the display of server-generated directory listings. -# -# Required modules: mod_autoindex, mod_alias -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing HTMLTable VersionSort - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/usr/local/apache2/icons/" - -<Directory "/usr/local/apache2/icons"> - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all -</Directory> - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf deleted file mode 100644 index 29dfb72..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf +++ /dev/null @@ -1,52 +0,0 @@ -# -# Distributed authoring and versioning (WebDAV) -# -# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias -# mod_auth_digest, mod_authn_file -# - -# The following example gives DAV write access to a directory called -# "uploads" under the ServerRoot directory. -# -# The User/Group specified in httpd.conf needs to have write permissions -# on the directory where the DavLockDB is placed and on any directory where -# "Dav On" is specified. - -DavLockDB "/usr/local/apache2/var/DavLock" - -Alias /uploads "/usr/local/apache2/uploads" - -<Directory "/usr/local/apache2/uploads"> - Dav On - - Order Allow,Deny - Allow from all - - AuthType Digest - AuthName DAV-upload - - # You can use the htdigest program to create the password database: - # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin - AuthUserFile "/usr/local/apache2/user.passwd" - AuthDigestProvider file - - # Allow universal read-access, but writes are restricted - # to the admin user. - <LimitExcept GET OPTIONS> - require user admin - </LimitExcept> -</Directory> - -# -# The following directives disable redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with several clients that do not appropriately handle -# redirects for folders with DAV methods. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf deleted file mode 100644 index efeca05..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf +++ /dev/null @@ -1,75 +0,0 @@ -# -# This configuration file reflects default settings for Apache HTTP Server. -# -# You may change these, but chances are that you may not need to. -# - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 5 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens Full - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf deleted file mode 100644 index db316c0..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf +++ /dev/null @@ -1,37 +0,0 @@ -# -# Get information about the requests being processed by the server -# and the configuration of the server. -# -# Required modules: mod_status (for the server-status handler), -# mod_info (for the server-info handler) - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. - -<Location /server-status> - SetHandler server-status - Order deny,allow - Deny from all - Allow from .example.com -</Location> - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -<Location /server-info> - SetHandler server-info - Order deny,allow - Deny from all - Allow from .example.com -</Location> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf deleted file mode 100644 index 7f66461..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf +++ /dev/null @@ -1,141 +0,0 @@ -# -# Settings for hosting different languages. -# -# Required modules: mod_mime, mod_negotiation - -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) -# Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage tr .tr -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset us-ascii.ascii .us-ascii -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .arb .arabic -AddCharset ISO-8859-7 .iso8859-7 .grk .greek -AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew -AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk -AddCharset ISO-8859-10 .iso8859-10 .latin6 -AddCharset ISO-8859-13 .iso8859-13 -AddCharset ISO-8859-14 .iso8859-14 .latin8 -AddCharset ISO-8859-15 .iso8859-15 .latin9 -AddCharset ISO-8859-16 .iso8859-16 .latin10 -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5.Big5 .big5 .b5 -AddCharset cn-Big5 .cn-big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8 .koi8 -AddCharset KOI8-E .koi8-e -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-U .koi8-u -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-7 .utf7 -AddCharset UTF-8 .utf8 -AddCharset UTF-16 .utf16 -AddCharset UTF-16BE .utf16be -AddCharset UTF-16LE .utf16le -AddCharset UTF-32 .utf32 -AddCharset UTF-32BE .utf32be -AddCharset UTF-32LE .utf32le -AddCharset euc-cn .euc-cn -AddCharset euc-gb .euc-gb -AddCharset euc-jp .euc-jp -AddCharset euc-kr .euc-kr -#Not sure how euc-tw got in - IANA doesn't list it??? -AddCharset EUC-TW .euc-tw -AddCharset gb2312 .gb2312 .gb -AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 -AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 -AddCharset shift_jis .shift_jis .sjis diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf deleted file mode 100644 index fc12fb9..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf +++ /dev/null @@ -1,31 +0,0 @@ -# -# Provide access to the documentation on your server as -# http://yourserver.example.com/manual/ -# The documentation is always available at -# http://httpd.apache.org/docs/2.2/ -# -# Required modules: mod_alias, mod_setenvif, mod_negotiation -# - -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "/usr/local/apache2/manual$1" - -<Directory "/usr/local/apache2/manual"> - Options Indexes - AllowOverride None - Order allow,deny - Allow from all - - <Files *.html> - SetHandler type-map - </Files> - # .tr is text/troff in mime.types! - <Files *.html.tr.utf8> - ForceType "text/html; charset=utf-8" - </Files> - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru|tr)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru|tr)){2,}(/.*)?$ /manual/$1$2 - - LanguagePriority en de es fr ja ko pt-br ru tr - ForceLanguagePriority Prefer Fallback -</Directory> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf deleted file mode 100644 index 8c44c60..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf +++ /dev/null @@ -1,110 +0,0 @@ -# -# Server-Pool Management (MPM specific) -# - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -# Note that this is the default PidFile for most MPMs. -# -<IfModule !mpm_netware_module> - PidFile "logs/httpd.pid" -</IfModule> - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_winnt_module> -<IfModule !mpm_netware_module> -LockFile "logs/accept.lock" -</IfModule> -</IfModule> - -# -# Only one of the below sections will be relevant on your -# installed httpd. Use "apachectl -l" to find out the -# active mpm. -# - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_prefork_module> - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 0 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_worker_module> - StartServers 2 - MaxClients 150 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadsPerChild 25 - MaxRequestsPerChild 0 -</IfModule> - -# BeOS MPM -# StartThreads: how many threads do we initially spawn? -# MaxClients: max number of threads we can have (1 thread == 1 client) -# MaxRequestsPerThread: maximum number of requests each thread will process -<IfModule mpm_beos_module> - StartThreads 10 - MaxClients 50 - MaxRequestsPerThread 10000 -</IfModule> - -# NetWare MPM -# ThreadStackSize: Stack size allocated for each worker thread -# StartThreads: Number of worker threads launched at server startup -# MinSpareThreads: Minimum number of idle threads, to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# MaxThreads: Maximum number of worker threads alive at the same time -# MaxRequestsPerChild: Maximum number of requests a thread serves. It is -# recommended that the default value of 0 be set for this -# directive on NetWare. This will allow the thread to -# continue to service requests indefinitely. -<IfModule mpm_netware_module> - ThreadStackSize 65536 - StartThreads 250 - MinSpareThreads 25 - MaxSpareThreads 250 - MaxThreads 1000 - MaxRequestsPerChild 0 - MaxMemFree 100 -</IfModule> - -# OS/2 MPM -# StartServers: Number of server processes to maintain -# MinSpareThreads: Minimum number of idle threads per process, -# to handle request spikes -# MaxSpareThreads: Maximum number of idle threads per process -# MaxRequestsPerChild: Maximum number of connections per server process -<IfModule mpm_mpmt_os2_module> - StartServers 2 - MinSpareThreads 5 - MaxSpareThreads 10 - MaxRequestsPerChild 0 -</IfModule> - -# WinNT MPM -# ThreadsPerChild: constant number of worker threads in the server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_winnt_module> - ThreadsPerChild 150 - MaxRequestsPerChild 0 -</IfModule> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf deleted file mode 100644 index 8ff9a45..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf +++ /dev/null @@ -1,52 +0,0 @@ -# -# The configuration below implements multi-language error documents through -# content-negotiation. -# -# Required modules: mod_alias, mod_include, mod_negotiation -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /usr/local/apache2/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. - -Alias /error/ "/usr/local/apache2/error/" - -<Directory "/usr/local/apache2/error"> - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr - ForceLanguagePriority Prefer Fallback -</Directory> - -ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -ErrorDocument 410 /error/HTTP_GONE.html.var -ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf deleted file mode 100644 index 51f3784..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf +++ /dev/null @@ -1,269 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailed information about these -# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate, -# and that httpd will negotiate as the client of a proxied server. -# See the OpenSSL documentation for a complete list of ciphers, and -# ensure these follow appropriate best practices for this deployment. -# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, -# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 - -# By the end of 2016, only TLSv1.2 ciphers should remain in use. -# Older ciphers should be disallowed as soon as possible, while the -# kRSA ciphers do not offer forward secrecy. These changes inhibit -# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy -# non-browser tooling) from successfully connecting. -# -# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable -# those protocols which do not support forward secrecy, replace -# the SSLCipherSuite and SSLProxyCipherSuite directives above with -# the following two directives, as soon as practical. -# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA -# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA - -# User agents such as web browsers are not configured for the user's -# own preference of either security or performance, therefore this -# must be the prerogative of the web server administrator who manages -# cpu load versus confidentiality, so enforce the server's cipher order. -SSLHonorCipherOrder on - -# SSL Protocol support: -# List the protocol versions which clients are allowed to connect with. -# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) -# should be disabled as quickly as practical. By the end of 2016, only -# the TLSv1.2 protocol or later should remain in use. -SSLProtocol all -SSLv2 -SSLv3 -SSLProxyProtocol all -SSLv2 -SSLv3 - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache" -SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex "file:/usr/local/apache2/logs/ssl_mutex" - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:443> - -# General setup for the virtual host -DocumentRoot "/usr/local/apache2/htdocs" -ServerName www.example.com:443 -ServerAdmin you@example.com -ErrorLog "/usr/local/apache2/logs/error_log" -TransferLog "/usr/local/apache2/logs/access_log" - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. Keep -# in mind that if you have both an RSA and a DSA certificate you -# can configure both in parallel (to also allow the use of DSA -# ciphers, etc.) -# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) -# require an ECC certificate which can also be configured in -# parallel. -SSLCertificateFile "/usr/local/apache2/conf/server.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -# ECC keys, when in use, can also be configured in parallel -SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convenience. -#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" -#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl" -#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl" - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<FilesMatch "\.(cgi|shtml|phtml|php)$"> - SSLOptions +StdEnvVars -</FilesMatch> -<Directory "/usr/local/apache2/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is sent or allowed to be received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog "/usr/local/apache2/logs/ssl_request_log" \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf deleted file mode 100644 index 567bd6d..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Settings for user home directories -# -# Required module: mod_userdir - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. Note that you must also set -# the default access control for these directories, as in the example below. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -<Directory "/home/*/public_html"> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - <Limit GET POST OPTIONS> - Order allow,deny - Allow from all - </Limit> - <LimitExcept GET POST OPTIONS> - Order deny,allow - Deny from all - </LimitExcept> -</Directory> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf deleted file mode 100644 index 12995e2..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf +++ /dev/null @@ -1,45 +0,0 @@ -# -# Virtual Hosts -# -# If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs/2.2/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -NameVirtualHost *:80 - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for all requests that do not -# match a ServerName or ServerAlias in any <VirtualHost> block. -# -<VirtualHost *:8080> - ServerAdmin webmaster@dummy-host.example.com - DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com" - ServerName dummy-host.example.com - ServerAlias www.dummy-host.example.com - ErrorLog "logs/dummy-host.example.com-error_log" - CustomLog "logs/dummy-host.example.com-access_log" common -</VirtualHost> - -<VirtualHost *:8080> - ServerAdmin webmaster@dummy-host2.example.com - DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com" - ServerName dummy-host2.example.com - ErrorLog "logs/dummy-host2.example.com-error_log" - CustomLog "logs/dummy-host2.example.com-access_log" common -</VirtualHost> - - - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf deleted file mode 100644 index 8724924..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf +++ /dev/null @@ -1,494 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.2> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to point the LockFile directive -# at a local disk. If you wish to share the same ServerRoot for multiple -# httpd daemons, you will need to change at least LockFile and PidFile. -# -ServerRoot "/usr/local/apache2" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 8080 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule cache_module modules/mod_cache.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule mem_cache_module modules/mod_mem_cache.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule include_module modules/mod_include.so -LoadModule filter_module modules/mod_filter.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -LoadModule ident_module modules/mod_ident.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule asis_module modules/mod_asis.so -LoadModule info_module modules/mod_info.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so - -<IfModule !mpm_netware_module> -<IfModule !mpm_winnt_module> -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User daemon -Group daemon - -</IfModule> -</IfModule> - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/usr/local/apache2/htdocs" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None - Order deny,allow - Deny from all -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "/usr/local/apache2/htdocs"> - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.2/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Order allow,deny - Allow from all - -</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -<IfModule dir_module> - DirectoryIndex index.html -</IfModule> - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<FilesMatch "^\.ht"> - Order allow,deny - Deny from all - Satisfy All -</FilesMatch> - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog "logs/error_log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -<IfModule log_config_module> - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - <IfModule logio_module> - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - </IfModule> - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a <VirtualHost> - # container, they will be logged here. Contrariwise, if you *do* - # define per-<VirtualHost> access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "logs/access_log" combined -</IfModule> - -<IfModule alias_module> - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a <Directory> section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" - -</IfModule> - -<IfModule cgid_module> - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock logs/cgisock -</IfModule> - -# -# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/usr/local/apache2/cgi-bin"> - AllowOverride None - Options None - Order allow,deny - Allow from all -</Directory> - -# -# DefaultType: the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -<IfModule headers_module> - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early -</IfModule> - -<IfModule mime_module> - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig conf/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml -</IfModule> - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile conf/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall is used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# -#EnableMMAP off -#EnableSendfile off - -# Supplemental configuration -# -# The configuration files in the conf/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. - -# Server-pool management (MPM specific) -#Include conf/extra/httpd-mpm.conf - -# Multi-language error messages -#Include conf/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include conf/extra/httpd-autoindex.conf - -# Language settings -#Include conf/extra/httpd-languages.conf - -# User home directories -#Include conf/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include conf/extra/httpd-info.conf - -# Virtual hosts -#Include conf/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include conf/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include conf/extra/httpd-dav.conf - -# Various default settings -#Include conf/extra/httpd-default.conf - -# Secure (SSL/TLS) connections -#Include conf/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. -# -<IfModule ssl_module> -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -</IfModule> diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl deleted file mode 100644 index d155267..0000000 --- a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl +++ /dev/null @@ -1,43 +0,0 @@ ---- -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegedContainer: false -allowedCapabilities: null -apiVersion: v1 -defaultAddCapabilities: null -fsGroup: - type: MustRunAs -groups: -- system:authenticated -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: restricted denies access to all host features and requires - pods to be run with a UID, and SELinux context that are allocated to the namespace. This - is the most restrictive SCC. - creationTimestamp: null - name: katrin-restricted -priority: null -readOnlyRootFilesystem: false -requiredDropCapabilities: -- KILL -- MKNOD -- SYS_CHROOT -- SETUID -- SETGID -runAsUser: - type: MustRunAsRange -seLinuxContext: - type: MustRunAs -supplementalGroups: - type: RunAsAny -volumes: -- glusterfs -- configMap -- downwardAPI -- emptyDir -- persistentVolumeClaim -- secret diff --git a/setup/projects/katrin/templates/40-kaas-manager.yml.j2 b/setup/projects/katrin/templates/40-kaas-manager.yml.j2 new file mode 120000 index 0000000..b7233ad --- /dev/null +++ b/setup/projects/katrin/templates/40-kaas-manager.yml.j2 @@ -0,0 +1 @@ +../../kaas/templates/40-kaas-manager.yml.j2
\ No newline at end of file diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk deleted file mode 100644 index 5d032b3..0000000 --- a/setup/projects/katrin/templates/katrin.yml.j2.bk +++ /dev/null @@ -1,135 +0,0 @@ ---- -apiVersion: v1 -kind: Template -metadata: - name: kaas - annotations: - descriptions: "KATRIN Routing Service" -objects: - - apiVersion: v1 - kind: Service - metadata: - name: kaas - spec: - selector: - name: kaas - ports: - - name: http - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - apiVersion: v1 - kind: Route - metadata: - name: kaas - spec: - host: {{ kaas_project_config.katrin_node }} - to: - kind: Service - name: kaas - port: - targetPort: http - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow - certificate: |- - -----BEGIN CERTIFICATE----- - MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV - BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK - DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN - MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG - A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD - VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I - ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU - GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n - qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH - DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3 - 060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV - HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu - cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL - ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x - G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs - WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6 - /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE - qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp - j5rXZ3Oda5tHYrnPsA== - -----END CERTIFICATE----- - key: |- - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX - JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM - 84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB - OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2 - AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri - W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC - PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo - RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK - IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb - AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM - JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw - TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg - iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy - qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN - 7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M - mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB - 0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X - gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c - lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4 - fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ - QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828 - 4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p - jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV - 0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3 - oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo - 9GafqnfUGu+FVd1CKolicSA= - -----END PRIVATE KEY----- - - apiVersion: v1 - kind: DeploymentConfig - metadata: - name: kaas - spec: - replicas: 1 - selector: - name: kaas - template: - metadata: - name: kaas - labels: - name: kaas - strategy: - type: Rolling - triggers: - - type: ConfigChange - spec: - nodeSelector: - master: "1" - containers: - - name: kaas - image: centos/httpd-24-centos7 - imagePullPolicy: Always - ports: - - containerPort: 8080 - - containerPort: 8443 - volumeMounts: - - name: config - subPath: etc/apache2-kaas - mountPath: /etc/httpd - - name: config - subPath: log/apache2-kaas - mountPath: /var/log/httpd24 - - name: config - subPath: htdocs/kaas - mountPath: /opt/rh/httpd24/root/var/www/html - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 3 - httpGet: - path: /index.html - port: 8080 - volumes: - - name: config - persistentVolumeClaim: - claimName: openshift diff --git a/setup/projects/katrin/vars/katrin.yml b/setup/projects/katrin/vars/katrin.yml deleted file mode 100644 index c825654..0000000 --- a/setup/projects/katrin/vars/katrin.yml +++ /dev/null @@ -1,7 +0,0 @@ -#katrin_openshift_volumes: -#adei_openshift_volumes: - -#volumes: "{{ ands_openshift_volumes | combine (katrin_openshift_volumes, adei_openshift_volumes) }}" -#files: "{{ ands_openshift_files | union([]) }}" -#file_owner: katrin -#file_group: katrin
\ No newline at end of file diff --git a/setup/projects/katrin/vars/pods.yml b/setup/projects/katrin/vars/pods.yml deleted file mode 100644 index 1334242..0000000 --- a/setup/projects/katrin/vars/pods.yml +++ /dev/null @@ -1,42 +0,0 @@ -# First port is exposed - -pods: - kaas: - variant: "{{ ands_prefer_docker | default(false) | ternary('docker', 'centos') }}" - centos: - service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] } - sched: { replicas: 1, selector: { master: 1 } } - selector: { master: 1 } - images: - - image: "centos/httpd-24-centos7" - mappings: - - { name: "etc", path: "apache2-kaas-centos", mount: "/etc/httpd" } - - { name: "www", path: "kaas", mount: "/opt/rh/httpd24/root/var/www/html" } - - { name: "log", path: "apache2-kaas", mount: "/var/log/httpd24" } - probes: - - { port: 8080, path: '/index.html' } - docker: - service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] } - sched: { replicas: 1, selector: { master: 1 } } - selector: { master: 1 } - images: - - image: "httpd:2.2" - mappings: - - { name: "etc", path: "apache2-kaas-docker", mount: "/usr/local/apache2/conf" } - - { name: "www", path: "kaas", mount: "/usr/local/apache2/htdocs" } - - { name: "log", path: "apache2-kaas", mount: "/usr/local/apache2/logs" } - probes: - - { port: 8080, path: '/index.html' } - -#pods: -# kaas: "{{ kaas_project_config.pod_variants[ ands_prefer_docker | default(false) | ternary(1, 0) ] }}" - - - -#oc: -# - template: "[0-3]*" -# - template: "[4-6]*" -# - resource: "route/apache" -# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}" -# - template: "*" -
\ No newline at end of file diff --git a/setup/projects/katrin/vars/volumes.yml b/setup/projects/katrin/vars/volumes.yml new file mode 100644 index 0000000..ca22a28 --- /dev/null +++ b/setup/projects/katrin/vars/volumes.yml @@ -0,0 +1,11 @@ +gids: + katrin: { id: 5000 } + +extra_volumes: + katrin: { volume: "katrin_data", path: "/", capacity: "40Ti", write: true } + +files: + - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "0775" } + +#resync: true +#sync_set_gid: katrin |