# mysqlISP/docs $Id: webadmin_httpd.conf.txt,v 1.3 2003/06/06 19:59:26 ggw Exp $

#Note that the path to ~openisp is probably /home/openisp on your system
#but maybe is not.
#
#Cleaned httpd.conf For Apache 1.3.27 mod_ssl with the default static modules


ServerType standalone
ServerRoot "/home/openisp"
PidFile /home/openisp/logs/httpd.pid
ScoreBoardFile /home/openisp/logs/httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 10000

Listen 192.168.0.17:3678
<VirtualHost 192.168.0.17:3678>
DocumentRoot "/home/openisp/htdocs"
ServerName dega.isp.net
ServerAdmin joe@dega.isp.net
</VirtualHost>                                  


User openisp 
Group openisp 
DocumentRoot "/home/openisp/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/home/openisp/htdocs">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

DirectoryIndex index.html index.htm home.htm default.htm default.html
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

UseCanonicalName On
TypesConfig /usr/local/apache/conf/mime.types
DefaultType text/plain

#VERY IMPORTANT
HostnameLookups Off

#Only logs for ALL servers
ErrorLog /home/openisp/logs/error_log
TransferLog /home/openisp/logs/access_log


LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ServerSignature EMail

Alias /icons/ "/usr/local/apache/icons/"

<Directory "/usr/local/apache/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/home/openisp/cgi-bin/"

<Directory "/home/openisp/cgi-bin">
    AllowOverride None
    Options FollowSymLinks
    Order allow,deny
    #isp.net intranet only. Could easily be extended to certain workstations 
    #(users) or class C's easily
    Allow from 192.168.0
</Directory>

IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage pt .pt
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz

LanguagePriority en da nl et fr de el it pt ltz ca es sv
AddType application/x-tar .tgz
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0


#Must start httpd with -DSSL
<IfDefine SSL>

##  SSL Global Context

AddType application/x-x509-ca-cert .crt
AddType application/x-x509-user-cert .pem
AddType application/x-pkcs7-crl    .crl


#This might not work on older 2.6-2.5 SOLARIS machines check
SSLSessionCache         dbm:/home/openisp/logs/ssl_scache
#Use this instead
#SSLSessionCache	none
SSLSessionCacheTimeout  300

SSLMutex  file:/home/openisp/logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLLog      /home/openisp/logs/ssl_engine_log
SSLLogLevel warn

Listen 192.168.0.17:5623
<VirtualHost 192.168.0.17:5623>
DocumentRoot "/home/opensip/htdocs"
ServerName dega.isp.net
ServerAdmin joe@dega.isp.net

#This is our way of saving SSL certs but the mod_ssl script does not do this!
#You can also use openssl to make the CA, the server cert and key.
SSLEngine on
SSLCertificateFile /home/openisp/conf/dega.isp.net.pem
#See make certificate step
#Not encrypted key...used here but could be with passout program: Security? Same.
SSLCertificateKeyFile /home/openisp/conf/isp.key.pem
#SSLPassPhraseDialog  exec:/home/openisp/conf/passout

<Files ~ "\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
</Files>
ScriptAlias /cgi-bin/ "/home/openisp/cgi-bin/"
<Directory "/home/openisp/cgi-bin">
    SSLOptions +StdEnvVars
    AllowOverride None
    Options FollowSymLinks
    Order allow,deny
    #isp.net intranet only. Could easily be extended to certain workstations 
    #(users) or class C's easily
    Allow from 192.168.0
</Directory>

#You could require personal cert here and all kinds of fancy stuff...probably not needed
#unless webconsole is on edge server (internet firewall zone.)

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

</VirtualHost>                                  

</IfDefine>