damia apache config. situation as of 2021/03/16

damia/etc/apache2/conf-available/charset.conf

@@ -0,0 +1,8 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

damia/etc/apache2/conf-available/localized-error-pages.conf

@@ -0,0 +1,81 @@
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis.  If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+#		  SetHandler directive in a <Location /> context somewhere. Adding
+#		  the following three lines AFTER the <Location /> context should
+#		  make it work in most cases:
+#		  <Location /error/>
+#			 SetHandler none
+#		  </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+#	<IfModule mod_include.c>
+#		<IfModule mod_alias.c>
+#
+#			Alias /error/ "/usr/share/apache2/error/"
+#
+#			<Directory "/usr/share/apache2/error">
+#				Options IncludesNoExec
+#				AddOutputFilter Includes html
+#				AddHandler type-map var
+#				Order allow,deny
+#				Allow from all
+#				LanguagePriority en cs de es fr it nl sv pt-br ro
+#				ForceLanguagePriority Prefer Fallback
+#			</Directory>
+#
+#			ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#			ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#			ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#			ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#			ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#			ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#			ErrorDocument 410 /error/HTTP_GONE.html.var
+#			ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#			ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#			ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#			ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#			ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#			ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#			ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#			ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#			ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#			ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#		</IfModule>
+#	</IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

damia/etc/apache2/conf-available/other-vhosts-access-log.conf

@@ -0,0 +1,4 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

damia/etc/apache2/conf-available/php5-cgi.conf

@@ -0,0 +1,35 @@
+# This file replaces old system MIME types and sets them only in the
+# Apache webserver
+
+# application/x-httpd-php                        phtml pht php
+# application/x-httpd-php3                       php3
+# application/x-httpd-php4                       php4
+# application/x-httpd-php5                       php
+<FilesMatch ".+\.ph(p[345]?|t|tml)$">
+    SetHandler application/x-httpd-php
+</FilesMatch>
+# application/x-httpd-php-source                 phps
+<FilesMatch ".+\.phps$">
+    SetHandler application/x-httpd-php-source
+    # Deny access to raw php sources by default
+    # To re-enable it's recommended to enable access to the files
+    # only in specific virtual host or directory
+    Require all denied
+</FilesMatch>
+# Deny access to files without filename (e.g. '.php')
+<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
+    Require all denied
+</FilesMatch>
+
+# To enable PHP CGI site-wide, just uncomment following lines, however
+# as a security measure, it's recommended to enable PHP just in the
+# specific virtual servers or just specific directories
+
+#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+#<Directory "/usr/lib/cgi-bin">
+#    AllowOverride None
+#    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+#    Order allow,deny
+#    Allow from all
+#</Directory>
+#Action application/x-httpd-php /cgi-bin/php5

damia/etc/apache2/conf-available/php7.0-fpm.conf

@@ -0,0 +1,23 @@
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php7.c>
+<IfModule proxy_fcgi_module>
+    # Enable http authorization headers
+    <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+    </IfModule>
+
+    <FilesMatch ".+\.ph(p[3457]?|t|tml)$">
+        SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    <FilesMatch ".+\.phps$">
+        # Deny access to raw php sources by default
+        # To re-enable it's recommended to enable access to the files
+        # only in specific virtual host or directory
+        Require all denied
+    </FilesMatch>
+    # Deny access to files without filename (e.g. '.php')
+    <FilesMatch "^\.ph(p[3457]?|t|tml|ps)$">
+        Require all denied
+    </FilesMatch>
+</IfModule>
+</IfModule>

damia/etc/apache2/conf-available/php7.3-fpm.conf

@@ -0,0 +1,23 @@
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php7.c>
+<IfModule proxy_fcgi_module>
+    # Enable http authorization headers
+    <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+    </IfModule>
+
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+        SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    <FilesMatch ".+\.phps$">
+        # Deny access to raw php sources by default
+        # To re-enable it's recommended to enable access to the files
+        # only in specific virtual host or directory
+        Require all denied
+    </FilesMatch>
+    # Deny access to files without filename (e.g. '.php')
+    <FilesMatch "^\.ph(ar|p|ps|tml)$">
+        Require all denied
+    </FilesMatch>
+</IfModule>
+</IfModule>

damia/etc/apache2/conf-available/php7.4-fpm.conf

@@ -0,0 +1,23 @@
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php7.c>
+<IfModule proxy_fcgi_module>
+    # Enable http authorization headers
+    <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+    </IfModule>
+
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    <FilesMatch ".+\.phps$">
+        # Deny access to raw php sources by default
+        # To re-enable it's recommended to enable access to the files
+        # only in specific virtual host or directory
+        Require all denied
+    </FilesMatch>
+    # Deny access to files without filename (e.g. '.php')
+    <FilesMatch "^\.ph(ar|p|ps|tml)$">
+        Require all denied
+    </FilesMatch>
+</IfModule>
+</IfModule>

damia/etc/apache2/conf-available/php8.0-fpm.conf

@@ -0,0 +1,23 @@
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php8.c>
+<IfModule proxy_fcgi_module>
+    # Enable http authorization headers
+    <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+    </IfModule>
+
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+        SetHandler "proxy:unix:/run/php/php8.0-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    <FilesMatch ".+\.phps$">
+        # Deny access to raw php sources by default
+        # To re-enable it's recommended to enable access to the files
+        # only in specific virtual host or directory
+        Require all denied
+    </FilesMatch>
+    # Deny access to files without filename (e.g. '.php')
+    <FilesMatch "^\.ph(ar|p|ps|tml)$">
+        Require all denied
+    </FilesMatch>
+</IfModule>
+</IfModule>

damia/etc/apache2/conf-available/security.conf

@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Require all denied
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+#ServerTokens OS
+ServerTokens Prod
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+ServerSignature Off
+#ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

damia/etc/apache2/conf-available/serve-cgi-bin.conf

@@ -0,0 +1,20 @@
+<IfModule mod_alias.c>
+	<IfModule mod_cgi.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfModule mod_cgid.c>
+		Define ENABLE_USR_LIB_CGI_BIN
+	</IfModule>
+
+	<IfDefine ENABLE_USR_LIB_CGI_BIN>
+		ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+		<Directory "/usr/lib/cgi-bin">
+			AllowOverride None
+			Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+			Require all granted
+		</Directory>
+	</IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

damia/etc/apache2/conf-available/servername.conf

@@ -0,0 +1 @@
+ServerName faivre.ml