diff --git a/certbot-apache/certbot_apache/_internal/configurator.py b/certbot-apache/certbot_apache/_internal/configurator.py index 82b3dcaec..4c68c5ae8 100644 --- a/certbot-apache/certbot_apache/_internal/configurator.py +++ b/certbot-apache/certbot_apache/_internal/configurator.py @@ -354,12 +354,9 @@ class ApacheConfigurator(common.Configurator): self.version = self.get_version() logger.debug('Apache version is %s', '.'.join(str(i) for i in self.version)) - if self.version < (2, 2): + if self.version < (2, 4): raise errors.NotSupportedError( "Apache Version {0} not supported.".format(str(self.version))) - elif self.version < (2, 4): - logger.warning('Support for Apache 2.2 is deprecated and will be removed in a ' - 'future release.') # Recover from previous crash before Augeas initialization to have the # correct parse tree from the get go. @@ -1176,46 +1173,6 @@ class ApacheConfigurator(common.Configurator): vhost.aliases.add(serveralias) vhost.name = servername - def is_name_vhost(self, target_addr: obj.Addr) -> bool: - """Returns if vhost is a name based vhost - - NameVirtualHost was deprecated in Apache 2.4 as all VirtualHosts are - now NameVirtualHosts. If version is earlier than 2.4, check if addr - has a NameVirtualHost directive in the Apache config - - :param certbot_apache._internal.obj.Addr target_addr: vhost address - - :returns: Success - :rtype: bool - - """ - # Mixed and matched wildcard NameVirtualHost with VirtualHost - # behavior is undefined. Make sure that an exact match exists - - # search for NameVirtualHost directive for ip_addr - # note ip_addr can be FQDN although Apache does not recommend it - return (self.version >= (2, 4) or - bool(self.parser.find_dir("NameVirtualHost", str(target_addr)))) - - def add_name_vhost(self, addr: obj.Addr) -> None: - """Adds NameVirtualHost directive for given address. - - :param addr: Address that will be added as NameVirtualHost directive - :type addr: :class:`~certbot_apache._internal.obj.Addr` - - """ - - loc = parser.get_aug_path(self.parser.loc["name"]) - if addr.get_port() == "443": - self.parser.add_dir_to_ifmodssl( - loc, "NameVirtualHost", [str(addr)]) - else: - self.parser.add_dir(loc, "NameVirtualHost", [str(addr)]) - - msg = "Setting {0} to be NameBasedVirtualHost\n".format(addr) - logger.debug(msg) - self.save_notes += msg - def prepare_server_https(self, port: str, temp: bool = False) -> None: """Prepare the server for HTTPS. @@ -1363,8 +1320,7 @@ class ApacheConfigurator(common.Configurator): """ if self.options.handle_modules: - if self.version >= (2, 4) and ("socache_shmcb_module" not in - self.parser.modules): + if "socache_shmcb_module" not in self.parser.modules: self.enable_mod("socache_shmcb", temp=temp) if "ssl_module" not in self.parser.modules: self.enable_mod("ssl", temp=temp) @@ -1451,10 +1407,6 @@ class ApacheConfigurator(common.Configurator): # for the new directives; For these reasons... this is tacked # on after fully creating the new vhost - # Now check if addresses need to be added as NameBasedVhost addrs - # This is for compliance with versions of Apache < 2.4 - self._add_name_vhost_if_necessary(ssl_vhost) - return ssl_vhost def _get_new_vh_path(self, orig_matches: List[str], new_matches: List[str]) -> Optional[str]: @@ -1753,40 +1705,6 @@ class ApacheConfigurator(common.Configurator): aliases = (self.parser.aug.get(match) for match in matches) return self.domain_in_names(aliases, target_name) - def _add_name_vhost_if_necessary(self, vhost: obj.VirtualHost) -> None: - """Add NameVirtualHost Directives if necessary for new vhost. - - NameVirtualHosts was a directive in Apache < 2.4 - https://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost - - :param vhost: New virtual host that was recently created. - :type vhost: :class:`~certbot_apache._internal.obj.VirtualHost` - - """ - need_to_save: bool = False - - # See if the exact address appears in any other vhost - # Remember 1.1.1.1:* == 1.1.1.1 -> hence any() - for addr in vhost.addrs: - # In Apache 2.2, when a NameVirtualHost directive is not - # set, "*" and "_default_" will conflict when sharing a port - addrs = {addr,} - if addr.get_addr() in ("*", "_default_"): - addrs.update(obj.Addr((a, addr.get_port(),)) - for a in ("*", "_default_")) - - for test_vh in self.vhosts: - if (vhost.filep != test_vh.filep and - any(test_addr in addrs for - test_addr in test_vh.addrs) and not self.is_name_vhost(addr)): - self.add_name_vhost(addr) - logger.info("Enabling NameVirtualHosts on %s", addr) - need_to_save = True - break - - if need_to_save: - self.save() - def find_vhost_by_id(self, id_str: str) -> obj.VirtualHost: """ Searches through VirtualHosts and tries to match the id in a comment @@ -2002,12 +1920,6 @@ class ApacheConfigurator(common.Configurator): :param unused_options: Not currently used :type unused_options: Not Available """ - min_apache_ver = (2, 3, 3) - if self.get_version() < min_apache_ver: - raise errors.PluginError( - "Unable to set OCSP directives.\n" - "Apache version is below 2.3.3.") - if "socache_shmcb_module" not in self.parser.modules: self.enable_mod("socache_shmcb") @@ -2188,10 +2100,7 @@ class ApacheConfigurator(common.Configurator): general_vh.filep, ssl_vhost.filep) def _set_https_redirection_rewrite_rule(self, vhost: obj.VirtualHost) -> None: - if self.get_version() >= (2, 3, 9): - self.parser.add_dir(vhost.path, "RewriteRule", constants.REWRITE_HTTPS_ARGS_WITH_END) - else: - self.parser.add_dir(vhost.path, "RewriteRule", constants.REWRITE_HTTPS_ARGS) + self.parser.add_dir(vhost.path, "RewriteRule", constants.REWRITE_HTTPS_ARGS) def _verify_no_certbot_redirect(self, vhost: obj.VirtualHost) -> None: """Checks to see if a redirect was already installed by certbot. @@ -2223,9 +2132,6 @@ class ApacheConfigurator(common.Configurator): rewrite_args_dict[dir_path].append(match) if rewrite_args_dict: - redirect_args = [constants.REWRITE_HTTPS_ARGS, - constants.REWRITE_HTTPS_ARGS_WITH_END] - for dir_path, args_paths in rewrite_args_dict.items(): arg_vals = [self.parser.aug.get(x) for x in args_paths] @@ -2237,7 +2143,7 @@ class ApacheConfigurator(common.Configurator): raise errors.PluginEnhancementAlreadyPresent( "Certbot has already enabled redirection") - if arg_vals in redirect_args: + if arg_vals == constants.REWRITE_HTTPS_ARGS: raise errors.PluginEnhancementAlreadyPresent( "Certbot has already enabled redirection") @@ -2306,12 +2212,6 @@ class ApacheConfigurator(common.Configurator): if ssl_vhost.aliases: serveralias = "ServerAlias " + " ".join(ssl_vhost.aliases) - rewrite_rule_args: List[str] - if self.get_version() >= (2, 3, 9): - rewrite_rule_args = constants.REWRITE_HTTPS_ARGS_WITH_END - else: - rewrite_rule_args = constants.REWRITE_HTTPS_ARGS - return ( f"\n" f"{servername} \n" @@ -2319,7 +2219,7 @@ class ApacheConfigurator(common.Configurator): f"ServerSignature Off\n" f"\n" f"RewriteEngine On\n" - f"RewriteRule {' '.join(rewrite_rule_args)}\n" + f"RewriteRule {' '.join(constants.REWRITE_HTTPS_ARGS)}\n" "\n" f"ErrorLog {self.options.logs_root}/redirect.error.log\n" f"LogLevel warn\n" diff --git a/certbot-apache/certbot_apache/_internal/constants.py b/certbot-apache/certbot_apache/_internal/constants.py index 4e6fa1791..0861e2da9 100644 --- a/certbot-apache/certbot_apache/_internal/constants.py +++ b/certbot-apache/certbot_apache/_internal/constants.py @@ -42,18 +42,14 @@ AUGEAS_LENS_DIR = pkg_resources.resource_filename( """Path to the Augeas lens directory""" REWRITE_HTTPS_ARGS: List[str] = [ - "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"] -"""Apache version<2.3.9 rewrite rule arguments used for redirections to -https vhost""" - -REWRITE_HTTPS_ARGS_WITH_END: List[str] = [ "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,NE,R=permanent]"] """Apache version >= 2.3.9 rewrite rule arguments used for redirections to https vhost""" OLD_REWRITE_HTTPS_ARGS: List[List[str]] = [ ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"], - ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]] + ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"], + ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"]] HSTS_ARGS: List[str] = ["always", "set", "Strict-Transport-Security", "\"max-age=31536000\""] diff --git a/certbot-apache/certbot_apache/_internal/http_01.py b/certbot-apache/certbot_apache/_internal/http_01.py index ade2265ea..bceec2c32 100644 --- a/certbot-apache/certbot_apache/_internal/http_01.py +++ b/certbot-apache/certbot_apache/_internal/http_01.py @@ -24,22 +24,6 @@ logger = logging.getLogger(__name__) class ApacheHttp01(common.ChallengePerformer): """Class that performs HTTP-01 challenges within the Apache configurator.""" - CONFIG_TEMPLATE22_PRE = """\ - RewriteEngine on - RewriteRule ^/\\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [L] - - """ - CONFIG_TEMPLATE22_POST = """\ - - Order Allow,Deny - Allow from all - - - Order Allow,Deny - Allow from all - - """ - CONFIG_TEMPLATE24_PRE = """\ RewriteEngine on RewriteRule ^/\\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [END] @@ -90,11 +74,7 @@ class ApacheHttp01(common.ChallengePerformer): """Make sure that we have the needed modules available for http01""" if self.configurator.conf("handle-modules"): - needed_modules = ["rewrite"] - if self.configurator.version < (2, 4): - needed_modules.append("authz_host") - else: - needed_modules.append("authz_core") + needed_modules = ["rewrite", "authz_core"] for mod in needed_modules: if mod + "_module" not in self.configurator.parser.modules: self.configurator.enable_mod(mod, temp=True) @@ -131,15 +111,8 @@ class ApacheHttp01(common.ChallengePerformer): self.configurator.reverter.register_file_creation( True, self.challenge_conf_post) - if self.configurator.version < (2, 4): - config_template_pre = self.CONFIG_TEMPLATE22_PRE - config_template_post = self.CONFIG_TEMPLATE22_POST - else: - config_template_pre = self.CONFIG_TEMPLATE24_PRE - config_template_post = self.CONFIG_TEMPLATE24_POST - - config_text_pre = config_template_pre.format(self.challenge_dir) - config_text_post = config_template_post.format(self.challenge_dir) + config_text_pre = self.CONFIG_TEMPLATE24_PRE.format(self.challenge_dir) + config_text_post = self.CONFIG_TEMPLATE24_POST.format(self.challenge_dir) logger.debug("writing a pre config file with text:\n %s", config_text_pre) with open(self.challenge_conf_pre, "w") as new_conf: diff --git a/certbot-apache/certbot_apache/_internal/override_centos.py b/certbot-apache/certbot_apache/_internal/override_centos.py index a436e8457..f9de9fad9 100644 --- a/certbot-apache/certbot_apache/_internal/override_centos.py +++ b/certbot-apache/certbot_apache/_internal/override_centos.py @@ -1,8 +1,6 @@ """ Distribution specific override class for CentOS family (RHEL, Fedora) """ import logging from typing import Any -from typing import cast -from typing import List from certbot_apache._internal import apache_util from certbot_apache._internal import configurator @@ -11,7 +9,6 @@ from certbot_apache._internal.configurator import OsOptions from certbot import errors from certbot import util -from certbot.errors import MisconfigurationError logger = logging.getLogger(__name__) @@ -79,82 +76,6 @@ class CentOSConfigurator(configurator.ApacheConfigurator): return CentOSParser( self.options.server_root, self, self.options.vhost_root, self.version) - def _deploy_cert(self, *args: Any, **kwargs: Any) -> None: # pylint: disable=arguments-differ - """ - Override _deploy_cert in order to ensure that the Apache configuration - has "LoadModule ssl_module..." before parsing the VirtualHost configuration - that was created by Certbot - """ - super()._deploy_cert(*args, **kwargs) - if self.version < (2, 4, 0): - self._deploy_loadmodule_ssl_if_needed() - - def _deploy_loadmodule_ssl_if_needed(self) -> None: - """ - Add "LoadModule ssl_module " to main httpd.conf if - it doesn't exist there already. - """ - - loadmods = self.parser.find_dir("LoadModule", "ssl_module", exclude=False) - - correct_ifmods: List[str] = [] - loadmod_args: List[str] = [] - loadmod_paths: List[str] = [] - for m in loadmods: - noarg_path = m.rpartition("/")[0] - path_args = self.parser.get_all_args(noarg_path) - if loadmod_args: - if loadmod_args != path_args: - msg = ("Certbot encountered multiple LoadModule directives " - "for LoadModule ssl_module with differing library paths. " - "Please remove or comment out the one(s) that are not in " - "use, and run Certbot again.") - raise MisconfigurationError(msg) - else: - loadmod_args = [arg for arg in path_args if arg] - - centos_parser: CentOSParser = cast(CentOSParser, self.parser) - if centos_parser.not_modssl_ifmodule(noarg_path): - if centos_parser.loc["default"] in noarg_path: - # LoadModule already in the main configuration file - if "ifmodule/" in noarg_path.lower() or "ifmodule[1]" in noarg_path.lower(): - # It's the first or only IfModule in the file - return - # Populate the list of known !mod_ssl.c IfModules - nodir_path = noarg_path.rpartition("/directive")[0] - correct_ifmods.append(nodir_path) - else: - loadmod_paths.append(noarg_path) - - if not loadmod_args: - # Do not try to enable mod_ssl - return - - # Force creation as the directive wasn't found from the beginning of - # httpd.conf - rootconf_ifmod = self.parser.create_ifmod( - parser.get_aug_path(self.parser.loc["default"]), - "!mod_ssl.c", beginning=True) - # parser.get_ifmod returns a path postfixed with "/", remove that - self.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", loadmod_args) - correct_ifmods.append(rootconf_ifmod[:-1]) - self.save_notes += "Added LoadModule ssl_module to main configuration.\n" - - # Wrap LoadModule mod_ssl inside of if it's not - # configured like this already. - for loadmod_path in loadmod_paths: - nodir_path = loadmod_path.split("/directive")[0] - # Remove the old LoadModule directive - self.parser.aug.remove(loadmod_path) - - # Create a new IfModule !mod_ssl.c if not already found on path - ssl_ifmod = self.parser.get_ifmod(nodir_path, "!mod_ssl.c", beginning=True)[:-1] - if ssl_ifmod not in correct_ifmods: - self.parser.add_dir(ssl_ifmod, "LoadModule", loadmod_args) - correct_ifmods.append(ssl_ifmod) - self.save_notes += ("Wrapped pre-existing LoadModule ssl_module " - "inside of block.\n") - class CentOSParser(parser.ApacheParser): """CentOS specific ApacheParser override class""" @@ -174,33 +95,3 @@ class CentOSParser(parser.ApacheParser): defines = apache_util.parse_define_file(self.sysconfig_filep, "OPTIONS") for k, v in defines.items(): self.variables[k] = v - - def not_modssl_ifmodule(self, path: str) -> bool: - """Checks if the provided Augeas path has argument !mod_ssl""" - - if "ifmodule" not in path.lower(): - return False - - # Trim the path to the last ifmodule - workpath = path.lower() - while workpath: - # Get path to the last IfModule (ignore the tail) - parts = workpath.rpartition("ifmodule") - - if not parts[0]: - # IfModule not found - break - ifmod_path = parts[0] + parts[1] - # Check if ifmodule had an index - if parts[2].startswith("["): - # Append the index from tail - ifmod_path += parts[2].partition("/")[0] - # Get the original path trimmed to correct length - # This is required to preserve cases - ifmod_real_path = path[0:len(ifmod_path)] - if "!mod_ssl.c" in self.get_all_args(ifmod_real_path): - return True - # Set the workpath to the heading part - workpath = parts[0] - - return False diff --git a/certbot-apache/certbot_apache/_internal/parser.py b/certbot-apache/certbot_apache/_internal/parser.py index 46e61843f..b122979e4 100644 --- a/certbot-apache/certbot_apache/_internal/parser.py +++ b/certbot-apache/certbot_apache/_internal/parser.py @@ -47,6 +47,7 @@ class ApacheParser: arg_var_interpreter: Pattern = re.compile(r"\$\{[^ \}]*}") fnmatch_chars: Set[str] = {"*", "?", "\\", "[", "]"} + # pylint: disable=unused-argument def __init__(self, root: str, configurator: "ApacheConfigurator", vhostroot: str, version: Tuple[int, ...] = (2, 4)) -> None: # Note: Order is important here. @@ -74,9 +75,8 @@ class ApacheParser: self.loc: Dict[str, str] = {"root": self._find_config_root()} self.parse_file(self.loc["root"]) - if version >= (2, 4): - # Look up variables from httpd and add to DOM if not already parsed - self.update_runtime_variables() + # Look up variables from httpd and add to DOM if not already parsed + self.update_runtime_variables() # This problem has been fixed in Augeas 1.0 self.standardize_excl() @@ -95,11 +95,6 @@ class ApacheParser: self.parse_file(os.path.abspath(vhostroot) + "/" + self.configurator.options.vhost_files) - # check to see if there were unparsed define statements - if version < (2, 4): - if self.find_dir("Define", exclude=False): - raise errors.PluginError("Error parsing runtime variables") - def check_parsing_errors(self, lens: str) -> None: """Verify Augeas can parse all of the lens files. @@ -382,7 +377,7 @@ class ApacheParser: for i, arg in enumerate(args): self.aug.set("%s/arg[%d]" % (nvh_path, i + 1), arg) - def get_ifmod(self, aug_conf_path: str, mod: str, beginning: bool = False) -> str: + def get_ifmod(self, aug_conf_path: str, mod: str) -> str: """Returns the path to and creates one if it doesn't exist. :param str aug_conf_path: Augeas configuration path @@ -399,35 +394,26 @@ class ApacheParser: if_mods = self.aug.match(("%s/IfModule/*[self::arg='%s']" % (aug_conf_path, mod))) if not if_mods: - return self.create_ifmod(aug_conf_path, mod, beginning) + return self.create_ifmod(aug_conf_path, mod) # Strip off "arg" at end of first ifmod path return if_mods[0].rpartition("arg")[0] - def create_ifmod(self, aug_conf_path: str, mod: str, beginning: bool = False) -> str: + def create_ifmod(self, aug_conf_path: str, mod: str) -> str: """Creates a new and returns its path. :param str aug_conf_path: Augeas configuration path :param str mod: module ie. mod_ssl.c - :param bool beginning: If the IfModule should be created to the beginning - of augeas path DOM tree. :returns: Augeas path of the newly created IfModule directive. The path may be dynamic, i.e. .../IfModule[last()] :rtype: str """ - if beginning: - c_path_arg = "{}/IfModule[1]/arg".format(aug_conf_path) - # Insert IfModule before the first directive - self.aug.insert("{}/directive[1]".format(aug_conf_path), - "IfModule", True) - retpath = "{}/IfModule[1]/".format(aug_conf_path) - else: - c_path = "{}/IfModule[last() + 1]".format(aug_conf_path) - c_path_arg = "{}/IfModule[last()]/arg".format(aug_conf_path) - self.aug.set(c_path, "") - retpath = "{}/IfModule[last()]/".format(aug_conf_path) + c_path = "{}/IfModule[last() + 1]".format(aug_conf_path) + c_path_arg = "{}/IfModule[last()]/arg".format(aug_conf_path) + self.aug.set(c_path, "") + retpath = "{}/IfModule[last()]/".format(aug_conf_path) self.aug.set(c_path_arg, mod) return retpath @@ -587,20 +573,6 @@ class ApacheParser: return ordered_matches - def get_all_args(self, match: str) -> List[Optional[str]]: - """ - Tries to fetch all arguments for a directive. See get_arg. - - Note that if match is an ancestor node, it returns all names of - child directives as well as the list of arguments. - - """ - - if match[-1] != "/": - match = match + "/" - allargs = self.aug.match(match + '*') - return [self.get_arg(arg) for arg in allargs] - def get_arg(self, match: str) -> Optional[str]: """Uses augeas.get to get argument value and interprets result. diff --git a/certbot-apache/tests/centos6_test.py b/certbot-apache/tests/centos6_test.py deleted file mode 100644 index 85f1333e9..000000000 --- a/certbot-apache/tests/centos6_test.py +++ /dev/null @@ -1,228 +0,0 @@ -"""Test for certbot_apache._internal.configurator for CentOS 6 overrides""" -import unittest -from unittest import mock - -from certbot.compat import os -from certbot.errors import MisconfigurationError -from certbot_apache._internal import obj -from certbot_apache._internal import override_centos -from certbot_apache._internal import parser -import util - - -def get_vh_truth(temp_dir, config_name): - """Return the ground truth for the specified directory.""" - prefix = os.path.join( - temp_dir, config_name, "httpd/conf.d") - - aug_pre = "/files" + prefix - vh_truth = [ - obj.VirtualHost( - os.path.join(prefix, "test.example.com.conf"), - os.path.join(aug_pre, "test.example.com.conf/VirtualHost"), - {obj.Addr.fromstring("*:80")}, - False, True, "test.example.com"), - obj.VirtualHost( - os.path.join(prefix, "ssl.conf"), - os.path.join(aug_pre, "ssl.conf/VirtualHost"), - {obj.Addr.fromstring("_default_:443")}, - True, True, None) - ] - return vh_truth - -class CentOS6Tests(util.ApacheTest): - """Tests for CentOS 6""" - - def setUp(self): # pylint: disable=arguments-differ - test_dir = "centos6_apache/apache" - config_root = "centos6_apache/apache/httpd" - vhost_root = "centos6_apache/apache/httpd/conf.d" - super().setUp(test_dir=test_dir, - config_root=config_root, - vhost_root=vhost_root) - - self.config = util.get_apache_configurator( - self.config_path, self.vhost_path, self.config_dir, self.work_dir, - version=(2, 2, 15), os_info="centos") - self.vh_truth = get_vh_truth( - self.temp_dir, "centos6_apache/apache") - - def test_get_parser(self): - self.assertIsInstance(self.config.parser, override_centos.CentOSParser) - - def test_get_virtual_hosts(self): - """Make sure all vhosts are being properly found.""" - vhs = self.config.get_virtual_hosts() - self.assertEqual(len(vhs), 2) - found = 0 - - for vhost in vhs: - for centos_truth in self.vh_truth: - if vhost == centos_truth: - found += 1 - break - else: - raise Exception("Missed: %s" % vhost) # pragma: no cover - self.assertEqual(found, 2) - - @mock.patch("certbot_apache._internal.configurator.display_util.notify") - def test_loadmod_default(self, unused_mock_notify): - ssl_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", exclude=False) - self.assertEqual(len(ssl_loadmods), 1) - # Make sure the LoadModule ssl_module is in ssl.conf (default) - self.assertIn("ssl.conf", ssl_loadmods[0]) - # ...and that it's not inside of - self.assertNotIn("IfModule", ssl_loadmods[0]) - - # Get the example vhost - self.config.assoc["test.example.com"] = self.vh_truth[0] - self.config.deploy_cert( - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - self.config.save() - - post_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", exclude=False) - - # We should now have LoadModule ssl_module in root conf and ssl.conf - self.assertEqual(len(post_loadmods), 2) - for lm in post_loadmods: - # lm[:-7] removes "/arg[#]" from the path - arguments = self.config.parser.get_all_args(lm[:-7]) - self.assertEqual(arguments, ["ssl_module", "modules/mod_ssl.so"]) - # ...and both of them should be wrapped in - # lm[:-17] strips off /directive/arg[1] from the path. - ifmod_args = self.config.parser.get_all_args(lm[:-17]) - self.assertIn("!mod_ssl.c", ifmod_args) - - @mock.patch("certbot_apache._internal.configurator.display_util.notify") - def test_loadmod_multiple(self, unused_mock_notify): - sslmod_args = ["ssl_module", "modules/mod_ssl.so"] - # Adds another LoadModule to main httpd.conf in addtition to ssl.conf - self.config.parser.add_dir(self.config.parser.loc["default"], "LoadModule", - sslmod_args) - self.config.save() - pre_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", exclude=False) - # LoadModules are not within IfModule blocks - self.assertIs(any("ifmodule" in m.lower() for m in pre_loadmods), False) - self.config.assoc["test.example.com"] = self.vh_truth[0] - self.config.deploy_cert( - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - post_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", exclude=False) - - for mod in post_loadmods: - with self.subTest(mod=mod): - # pylint: disable=no-member - self.assertIs(self.config.parser.not_modssl_ifmodule(mod), True) - - @mock.patch("certbot_apache._internal.configurator.display_util.notify") - def test_loadmod_rootconf_exists(self, unused_mock_notify): - sslmod_args = ["ssl_module", "modules/mod_ssl.so"] - rootconf_ifmod = self.config.parser.get_ifmod( - parser.get_aug_path(self.config.parser.loc["default"]), - "!mod_ssl.c", beginning=True) - self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args) - self.config.save() - # Get the example vhost - self.config.assoc["test.example.com"] = self.vh_truth[0] - self.config.deploy_cert( - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - self.config.save() - - root_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", - start=parser.get_aug_path(self.config.parser.loc["default"]), - exclude=False) - - mods = [lm for lm in root_loadmods if self.config.parser.loc["default"] in lm] - - self.assertEqual(len(mods), 1) - # [:-7] removes "/arg[#]" from the path - self.assertEqual( - self.config.parser.get_all_args(mods[0][:-7]), - sslmod_args) - - @mock.patch("certbot_apache._internal.configurator.display_util.notify") - def test_neg_loadmod_already_on_path(self, unused_mock_notify): - loadmod_args = ["ssl_module", "modules/mod_ssl.so"] - ifmod = self.config.parser.get_ifmod( - self.vh_truth[1].path, "!mod_ssl.c", beginning=True) - self.config.parser.add_dir(ifmod[:-1], "LoadModule", loadmod_args) - self.config.parser.add_dir(self.vh_truth[1].path, "LoadModule", loadmod_args) - self.config.save() - pre_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", start=self.vh_truth[1].path, exclude=False) - self.assertEqual(len(pre_loadmods), 2) - # The ssl.conf now has two LoadModule directives, one inside of - # !mod_ssl.c IfModule - self.config.assoc["test.example.com"] = self.vh_truth[0] - self.config.deploy_cert( - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - self.config.save() - # Ensure that the additional LoadModule wasn't written into the IfModule - post_loadmods = self.config.parser.find_dir( - "LoadModule", "ssl_module", start=self.vh_truth[1].path, exclude=False) - self.assertEqual(len(post_loadmods), 1) - - def test_loadmod_non_duplicate(self): - # the modules/mod_ssl.so exists in ssl.conf - sslmod_args = ["ssl_module", "modules/mod_somethingelse.so"] - rootconf_ifmod = self.config.parser.get_ifmod( - parser.get_aug_path(self.config.parser.loc["default"]), - "!mod_ssl.c", beginning=True) - self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args) - self.config.save() - self.config.assoc["test.example.com"] = self.vh_truth[0] - pre_matches = self.config.parser.find_dir("LoadModule", - "ssl_module", exclude=False) - - self.assertRaises(MisconfigurationError, self.config.deploy_cert, - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - - post_matches = self.config.parser.find_dir("LoadModule", - "ssl_module", exclude=False) - # Make sure that none was changed - self.assertEqual(pre_matches, post_matches) - - @mock.patch("certbot_apache._internal.configurator.display_util.notify") - def test_loadmod_not_found(self, unused_mock_notify): - # Remove all existing LoadModule ssl_module... directives - orig_loadmods = self.config.parser.find_dir("LoadModule", - "ssl_module", - exclude=False) - for mod in orig_loadmods: - noarg_path = mod.rpartition("/")[0] - self.config.parser.aug.remove(noarg_path) - self.config.save() - self.config.deploy_cert( - "random.demo", "example/cert.pem", "example/key.pem", - "example/cert_chain.pem", "example/fullchain.pem") - - post_loadmods = self.config.parser.find_dir("LoadModule", - "ssl_module", - exclude=False) - self.assertEqual(post_loadmods, []) - - def test_no_ifmod_search_false(self): - #pylint: disable=no-member - - self.assertIs(self.config.parser.not_modssl_ifmodule( - "/path/does/not/include/ifmod" - ), False) - self.assertIs(self.config.parser.not_modssl_ifmodule( - "" - ), False) - self.assertIs(self.config.parser.not_modssl_ifmodule( - "/path/includes/IfModule/but/no/arguments" - ), False) - - -if __name__ == "__main__": - unittest.main() # pragma: no cover diff --git a/certbot-apache/tests/configurator_test.py b/certbot-apache/tests/configurator_test.py index 3a557bb71..566907506 100644 --- a/certbot-apache/tests/configurator_test.py +++ b/certbot-apache/tests/configurator_test.py @@ -443,18 +443,6 @@ class MultipleVhostsTest(util.ApacheTest): "SSLCertificateChainFile", "two/cert_chain.pem", self.vh_truth[1].path)) - def test_is_name_vhost(self): - addr = obj.Addr.fromstring("*:80") - self.assertIs(self.config.is_name_vhost(addr), True) - self.config.version = (2, 2) - self.assertIs(self.config.is_name_vhost(addr), False) - - def test_add_name_vhost(self): - self.config.add_name_vhost(obj.Addr.fromstring("*:443")) - self.config.add_name_vhost(obj.Addr.fromstring("*:80")) - self.assertTrue(self.config.parser.find_dir("NameVirtualHost", "*:443", exclude=False)) - self.assertTrue(self.config.parser.find_dir("NameVirtualHost", "*:80")) - def test_add_listen_80(self): mock_find = mock.Mock() mock_add_dir = mock.Mock() @@ -642,9 +630,6 @@ class MultipleVhostsTest(util.ApacheTest): self.assertIs(ssl_vhost.ssl, True) self.assertIs(ssl_vhost.enabled, False) - self.assertEqual(self.config.is_name_vhost(self.vh_truth[0]), - self.config.is_name_vhost(ssl_vhost)) - self.assertEqual(len(self.config.vhosts), 13) def test_clean_vhost_ssl(self): @@ -721,21 +706,6 @@ class MultipleVhostsTest(util.ApacheTest): # pylint: disable=protected-access self.assertIs(self.config._get_ssl_vhost_path("example_path").endswith(".conf"), True) - def test_add_name_vhost_if_necessary(self): - # pylint: disable=protected-access - self.config.add_name_vhost = mock.Mock() - self.config.version = (2, 2) - self.config._add_name_vhost_if_necessary(self.vh_truth[0]) - self.assertIs(self.config.add_name_vhost.called, True) - - new_addrs = set() - for addr in self.vh_truth[0].addrs: - new_addrs.add(obj.Addr(("_default_", addr.get_port(),))) - - self.vh_truth[0].addrs = new_addrs - self.config._add_name_vhost_if_necessary(self.vh_truth[0]) - self.assertEqual(self.config.add_name_vhost.call_count, 2) - @mock.patch("certbot_apache._internal.configurator.http_01.ApacheHttp01.perform") @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.restart") def test_perform(self, mock_restart, mock_http_perform): @@ -946,20 +916,6 @@ class MultipleVhostsTest(util.ApacheTest): self.assertEqual(len(stapling_cache_aug_path), 1) - - @mock.patch("certbot.util.exe_exists") - def test_ocsp_unsupported_apache_version(self, mock_exe): - mock_exe.return_value = True - self.config.parser.update_runtime_variables = mock.Mock() - self.config.parser.modules["mod_ssl.c"] = None - self.config.parser.modules["socache_shmcb_module"] = None - self.config.get_version = mock.Mock(return_value=(2, 2, 0)) - self.config.choose_vhost("certbot.demo") - - self.assertRaises(errors.PluginError, - self.config.enhance, "certbot.demo", "staple-ocsp") - - def test_get_http_vhost_third_filter(self): ssl_vh = obj.VirtualHost( "fp", "ap", {obj.Addr(("*", "443"))}, @@ -1137,7 +1093,7 @@ class MultipleVhostsTest(util.ApacheTest): self.config.parser.modules["rewrite_module"] = None self.config.parser.update_runtime_variables = mock.Mock() mock_exe.return_value = True - self.config.get_version = mock.Mock(return_value=(2, 2, 0)) + self.config.get_version = mock.Mock(return_value=(2, 4, 0)) ssl_vhost = self.config.choose_vhost("certbot.demo") @@ -1567,9 +1523,6 @@ class MultiVhostsTest(util.ApacheTest): self.assertIs(ssl_vhost.ssl, True) self.assertIs(ssl_vhost.enabled, False) - self.assertEqual(self.config.is_name_vhost(self.vh_truth[1]), - self.config.is_name_vhost(ssl_vhost)) - mock_path = "certbot_apache._internal.configurator.ApacheConfigurator._get_new_vh_path" with mock.patch(mock_path) as mock_getpath: mock_getpath.return_value = None diff --git a/certbot-apache/tests/http_01_test.py b/certbot-apache/tests/http_01_test.py index 9085f68dc..65dfb6344 100644 --- a/certbot-apache/tests/http_01_test.py +++ b/certbot-apache/tests/http_01_test.py @@ -53,15 +53,6 @@ class ApacheHttp01Test(util.ApacheTest): def test_empty_perform(self): self.assertEqual(len(self.http.perform()), 0) - @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.enable_mod") - def test_enable_modules_apache_2_2(self, mock_enmod): - self.config.version = (2, 2) - del self.config.parser.modules["authz_host_module"] - del self.config.parser.modules["mod_authz_host.c"] - - enmod_calls = self.common_enable_modules_test(mock_enmod) - self.assertEqual(enmod_calls[0][0][0], "authz_host") - @mock.patch("certbot_apache._internal.configurator.ApacheConfigurator.enable_mod") def test_enable_modules_apache_2_4(self, mock_enmod): del self.config.parser.modules["authz_core_module"] @@ -143,21 +134,12 @@ class ApacheHttp01Test(util.ApacheTest): self.config.config.http01_port = 12345 self.assertRaises(errors.PluginError, self.http.perform) - def test_perform_1_achall_apache_2_2(self): - self.combinations_perform_test(num_achalls=1, minor_version=2) - def test_perform_1_achall_apache_2_4(self): self.combinations_perform_test(num_achalls=1, minor_version=4) - def test_perform_2_achall_apache_2_2(self): - self.combinations_perform_test(num_achalls=2, minor_version=2) - def test_perform_2_achall_apache_2_4(self): self.combinations_perform_test(num_achalls=2, minor_version=4) - def test_perform_3_achall_apache_2_2(self): - self.combinations_perform_test(num_achalls=3, minor_version=2) - def test_perform_3_achall_apache_2_4(self): self.combinations_perform_test(num_achalls=3, minor_version=4) @@ -230,10 +212,7 @@ class ApacheHttp01Test(util.ApacheTest): self.assertIn("RewriteRule", pre_conf_contents) self.assertIn(self.http.challenge_dir, post_conf_contents) - if self.config.version < (2, 4): - self.assertIn("Allow from all", post_conf_contents) - else: - self.assertIn("Require all granted", post_conf_contents) + self.assertIn("Require all granted", post_conf_contents) def _test_challenge_file(self, achall): name = os.path.join(self.http.challenge_dir, achall.chall.encode("token")) diff --git a/certbot-apache/tests/parser_test.py b/certbot-apache/tests/parser_test.py index 1062156e3..31a769ddd 100644 --- a/certbot-apache/tests/parser_test.py +++ b/certbot-apache/tests/parser_test.py @@ -370,15 +370,6 @@ class ParserInitTest(util.ApacheTest): ApacheParser, os.path.relpath(self.config_path), self.config, "/dummy/vhostpath", version=(2, 4, 22)) - @mock.patch("certbot_apache._internal.apache_util._get_runtime_cfg") - def test_unparseable(self, mock_cfg): - from certbot_apache._internal.parser import ApacheParser - mock_cfg.return_value = ('Define: TEST') - self.assertRaises( - errors.PluginError, - ApacheParser, os.path.relpath(self.config_path), self.config, - "/dummy/vhostpath", version=(2, 2, 22)) - def test_root_normalized(self): from certbot_apache._internal.parser import ApacheParser diff --git a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/README b/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/README deleted file mode 100644 index c12e149f2..000000000 --- a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/README +++ /dev/null @@ -1,9 +0,0 @@ - -This directory holds Apache 2.0 module-specific configuration files; -any files in this directory which have the ".conf" extension will be -processed as Apache configuration files. - -Files are processed in alphabetical order, so if using configuration -directives which depend on, say, mod_perl being loaded, ensure that -these are placed in a filename later in the sort order than "perl.conf". - diff --git a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/ssl.conf b/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/ssl.conf deleted file mode 100644 index abe07dd0c..000000000 --- a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/ssl.conf +++ /dev/null @@ -1,222 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is an internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex default - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error_log -TransferLog logs/ssl_access_log -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - diff --git a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/test.example.com.conf b/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/test.example.com.conf deleted file mode 100644 index 3dd7b18f1..000000000 --- a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/test.example.com.conf +++ /dev/null @@ -1,7 +0,0 @@ - - ServerName test.example.com - ServerAdmin webmaster@dummy-host.example.com - DocumentRoot /var/www/htdocs - ErrorLog logs/dummy-host.example.com-error_log - CustomLog logs/dummy-host.example.com-access_log common - diff --git a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/welcome.conf b/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/welcome.conf deleted file mode 100644 index c1d23c512..000000000 --- a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf.d/welcome.conf +++ /dev/null @@ -1,11 +0,0 @@ -# -# This configuration file enables the default "Welcome" -# page if there is no default index page present for -# the root URL. To disable the Welcome page, comment -# out all the lines below. -# - - Options -Indexes - ErrorDocument 403 /error/noindex.html - - diff --git a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf/httpd.conf b/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf/httpd.conf deleted file mode 100644 index eac6143da..000000000 --- a/certbot-apache/tests/testdata/centos6_apache/apache/httpd/conf/httpd.conf +++ /dev/null @@ -1,1009 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/etc/httpd" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/sysconfig/httpd must be set appropriately if this location is -# changed. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 - - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so - -# -# The following modules are not loaded by default: -# -#LoadModule asis_module modules/mod_asis.so -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule ident_module modules/mod_ident.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule unique_id_module modules/mod_unique_id.so -# - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - - - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - Satisfy All - - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all - - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif /core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portuguese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -# -#ProxyRequests On -# -# -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -# -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -# -# - -# -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -#