--- apache2-frontend/apache2.conf 2015/06/19 08:41:25 1.7
+++ apache2-frontend/apache2.conf 2022/09/24 11:21:24 1.18
@@ -6,17 +6,23 @@
Mutex pthread default
PidFile /run/frontend.pid
-Timeout 60
+Timeout 30
KeepAlive On
MaxKeepAliveRequests 100
-KeepAliveTimeout 30
+KeepAliveTimeout 2
+#TODO: should be it's own user id
User www-data
Group www-data
-HostnameLookups Off
+GracefulShutdownTimeout 8
AddDefaultCharset UTF-8
+# EnableSendfile On
+
+# to be sure, spell out some defaults
+HostnameLookups Off
+AllowEncodedSlashes Off
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
@@ -26,65 +32,55 @@
#
LogLevel warn
-LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
+# event segfaults, hangs, creates unexplained error messages...
+#LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
+#LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
TypesConfig /etc/mime.types
LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so
+MIMEMagicFile /etc/apache2/magic
-# must not be loaded
+# must NOT be loaded
#LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
#DirectoryIndex index.html
LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so
-IndexOptions Charset=UTF-8 FancyIndexing FoldersFirst HTMLTable SuppressColumnSorting
+IndexOptions Charset=UTF-8 FancyIndexing FoldersFirst HTMLTable IgnoreCase SuppressColumnSorting NameWidth=* SuppressDescription SuppressIcon
HeaderName HEADER.html
ReadmeName FOOTER.html
+LoadModule status_module /usr/lib/apache2/modules/mod_status.so
+#ExtendedStatus Off # ON is the default
+
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
#LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
#ProxySCGIInternalRedirect Internal-Redirect apache 2.6 :/
ProxySCGIInternalRedirect On
ProxySCGISendfile On
+ProxyTimeout 120
#LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
-LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
+#LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
-# Sets the default security model of the Apache2 HTTPD server. It does
-# not allow access to the root filesystem outside of /usr/share and /var/www.
-# The former is used by web applications packaged in Debian,
-# the latter may be used for local directories served by the web server. If
-# your system is serving content from a sub-directory in /srv you must allow
-# access here, or in any related virtual host.
-
- Options FollowSymLinks
- AllowOverride None
- Require all denied
-
+#
+# Options FollowSymLinks
+# AllowOverride None
+## Require all denied
+#
-
- Options Indexes FollowSymLinks
- Require all granted
-
-
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- Require all denied
-
+#AccessFileName .htaccess
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %{Host}i" schmorp
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
@@ -92,26 +88,27 @@
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
-CustomLog /var/log/frontend/access.log schmorp
+CustomLog /var/log/frontend/access.log schmorp env=!suppress-logging
ErrorLog /var/log/frontend/error.log
+ListenBacklog 511
ServerLimit 1
-MaxClients 100
+#MaxClients 100
MaxRequestWorkers 100
StartServers 1
ThreadsPerChild 100
-ThreadLimit 200
+ThreadLimit 100
MinSpareThreads 6
-MaxSpareThreads 16
+MaxSpareThreads 100
MaxMemFree 64
-#ThreadStackSize 65536 # basically gets ignored
+ThreadStackSize 196608
PerlInterpStart 1
PerlInterpMax 1
PerlInterpMinSpare 0
PerlInterpMaxSpare 1
-PerlInterpScope Handler
+#PerlInterpScope Handler
Include proxy_html.conf
@@ -123,7 +120,7 @@
# mod_proxy_html uncompresses content, but doesn't recompress nor remove
# content-encoding header
-SetOutputFilter INFLATE;DEFLATE
+#SetOutputFilter INFLATE;DEFLATE
use Apache2::ServerUtil ();
@@ -132,14 +129,17 @@
use proxy_impl;
-PerlOptions None +Trans +MapToStorage +HeaderParser +Authen +Authz +Type
+PerlOptions None +Trans +MapToStorage +HeaderParser +Authz +Type
PerlTransHandler Apache2::Const::OK
PerlMapToStorageHandler proxy_impl::map_to_storage
PerlHeaderParserHandler Apache2::Const::OK
-#PerlAccessHandler Apache2::Const::OK
-PerlAuthenHandler Apache2::Const::OK
+
+#PerlAuthenHandler Apache2::Const::OK
PerlAuthzHandler Apache2::Const::OK
+
+# always runs all
+#PerlAccessHandler Apache2::Const::OK
#PerlTypeHandler Apache2::Const::OK
#PerlFixupHandler Apache2::Const::OK
@@ -168,7 +168,7 @@
Options Indexes FollowSymLinks
- Require all granted
+# Require all granted
Include local.conf