--- apache2-frontend/apache2.conf	2015/06/19 08:41:25	1.7
+++ apache2-frontend/apache2.conf	2022/09/24 11:21:24	1.18
@@ -6,17 +6,23 @@
 Mutex pthread default
 PidFile /run/frontend.pid
 
-Timeout 60
+Timeout 30
 KeepAlive On
 MaxKeepAliveRequests 100
-KeepAliveTimeout 30
+KeepAliveTimeout 2
 
+#TODO: should be it's own user id
 User www-data
 Group www-data
 
-HostnameLookups Off
+GracefulShutdownTimeout 8
 
 AddDefaultCharset UTF-8
+# EnableSendfile On
+
+# to be sure, spell out some defaults
+HostnameLookups Off
+AllowEncodedSlashes Off
 
 # LogLevel: Control the severity of messages logged to the error_log.
 # Available values: trace8, ..., trace1, debug, info, notice, warn,
@@ -26,65 +32,55 @@
 #
 LogLevel warn
 
-LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
+# event segfaults, hangs, creates unexplained error messages...
+#LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
+#LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
 LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
 LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
 
 LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
 TypesConfig /etc/mime.types
 LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so
+MIMEMagicFile /etc/apache2/magic
 
-# must not be loaded
+# must NOT be loaded
 #LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
 #DirectoryIndex index.html
 
 LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so
-IndexOptions Charset=UTF-8 FancyIndexing FoldersFirst HTMLTable SuppressColumnSorting
+IndexOptions Charset=UTF-8 FancyIndexing FoldersFirst HTMLTable IgnoreCase SuppressColumnSorting NameWidth=* SuppressDescription SuppressIcon
 HeaderName HEADER.html
 ReadmeName FOOTER.html
 
+LoadModule status_module /usr/lib/apache2/modules/mod_status.so
+#ExtendedStatus Off # ON is the default
+
 LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
 #LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
 
 LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
 #ProxySCGIInternalRedirect Internal-Redirect apache 2.6 :/
 ProxySCGIInternalRedirect On
 ProxySCGISendfile On
+ProxyTimeout 120
 
 #LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
 LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
 LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
-LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
+#LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
 LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
 
 LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
 
-# Sets the default security model of the Apache2 HTTPD server. It does
-# not allow access to the root filesystem outside of /usr/share and /var/www.
-# The former is used by web applications packaged in Debian,
-# the latter may be used for local directories served by the web server. If
-# your system is serving content from a sub-directory in /srv you must allow
-# access here, or in any related virtual host.
-<Directory />
-   Options FollowSymLinks
-   AllowOverride None
-   Require all denied
-</Directory>
+#<Directory />
+#   Options FollowSymLinks
+#   AllowOverride None
+##   Require all denied
+#</Directory>
 
-<Directory /var/www/>
-   Options Indexes FollowSymLinks
-   Require all granted
-</Directory>
-
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<FilesMatch "^\.ht">
-   Require all denied
-</FilesMatch>
+#AccessFileName .htaccess
 
 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %{Host}i" schmorp
 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
@@ -92,26 +88,27 @@
 LogFormat "%{Referer}i -> %U" referer
 LogFormat "%{User-agent}i" agent
 
-CustomLog /var/log/frontend/access.log schmorp
+CustomLog /var/log/frontend/access.log schmorp env=!suppress-logging
 ErrorLog /var/log/frontend/error.log
 
+ListenBacklog      511
 ServerLimit          1
-MaxClients         100
+#MaxClients         100
 MaxRequestWorkers  100
 StartServers         1
 ThreadsPerChild    100
-ThreadLimit        200
+ThreadLimit        100
 MinSpareThreads      6
-MaxSpareThreads     16
+MaxSpareThreads    100
 
 MaxMemFree          64
-#ThreadStackSize  65536 # basically gets ignored
+ThreadStackSize 196608
 
 PerlInterpStart 1
 PerlInterpMax 1
 PerlInterpMinSpare 0
 PerlInterpMaxSpare 1
-PerlInterpScope Handler
+#PerlInterpScope Handler
 
 Include proxy_html.conf
 
@@ -123,7 +120,7 @@
 
 # mod_proxy_html uncompresses content, but doesn't recompress nor remove
 # content-encoding header
-SetOutputFilter INFLATE;DEFLATE
+#SetOutputFilter INFLATE;DEFLATE
 
 <Perl>
    use Apache2::ServerUtil ();
@@ -132,14 +129,17 @@
    use proxy_impl;
 </Perl>
 
-PerlOptions None +Trans +MapToStorage +HeaderParser +Authen +Authz +Type
+PerlOptions None +Trans +MapToStorage +HeaderParser +Authz +Type
 
 PerlTransHandler Apache2::Const::OK
 PerlMapToStorageHandler proxy_impl::map_to_storage
 PerlHeaderParserHandler Apache2::Const::OK
-#PerlAccessHandler Apache2::Const::OK
-PerlAuthenHandler Apache2::Const::OK
+
+#PerlAuthenHandler Apache2::Const::OK
 PerlAuthzHandler Apache2::Const::OK
+
+# always runs all
+#PerlAccessHandler Apache2::Const::OK
 #PerlTypeHandler Apache2::Const::OK
 #PerlFixupHandler Apache2::Const::OK
 
@@ -168,7 +168,7 @@
 
 <Location />
    Options Indexes FollowSymLinks
-   Require all granted
+#   Require all granted
 </Location>
 
 Include local.conf